Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

New Mac Malware Variant Targeting Tibetan Activists

Tibetan activists are being targeted by a new variant of the Imuler (Revir) Trojan that was originally discovered in September. The attack is launched via email, and uses images of other pro-Tibetan groups as bait in order to encourage the victim into opening files.

Tibetan activists are being targeted by a new variant of the Imuler (Revir) Trojan that was originally discovered in September. The attack is launched via email, and uses images of other pro-Tibetan groups as bait in order to encourage the victim into opening files.

According three different security firms – Sophos, F-Secure, and Intego, the current build of Imuler is just like the others. It steals data by searching the victim’s computer for files and by using screen shots. The reason that Imuler is so interesting is that it targets systems running Mac OS X.

“This data is then uploaded to the controller’s server. It creates a unique identifier for the specific Mac to be able to link the Mac and the data it collects. The backdoor also allows new files to be downloaded onto an affected system,” according to Intego.

This latest attack seems to be targeting sympathizers of the Dalai Lama and the Tibetan government. As is the case with the previous two Imuler attacks, a successful compromise ensures data loss and complete control of the system is ceded to the attacker. As for who is behind the attack, speculation hasn’t changed there either.

“It will be left as an exercise to the reader to come up with a shortlist of who might have an interest in breaking into the computers of Tibetan organisations,” commented Sophos’ Graham Cluley.

Earlier this year, another Mac-based attack was targeting supporters of Tibet. The Trojan, named “Mac Control” by its authors, executes when the system starts, and will established a connection to the C&C in order to wait for commands. Investigation into the malware itself shows it has the ability to allow remote shells, as well as the ability to send, receive, and delete files.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Malware & Threats

Fortinet warned of three malicious PyPI packages containing code that fetches the Wacatac trojan and information stealer.

Cybercrime

The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...