Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

New Mac OS X Botnet Taps Reddit For Command and Control

Researchers at Russian security firm Dr. Web have come across a new piece of malware which has already infected thousands of Mac OS X devices.

Researchers at Russian security firm Dr. Web have come across a new piece of malware which has already infected thousands of Mac OS X devices.

The threat, detected by the company as “Mac.BackDoor.iWorm,” has been developed in C++ and Lua, and enables cybercriminals to execute a wide range of commands on infected machines. The backdoor can collect information on the infected system, download files, execute system instructions, and carry out other commands that are typical for botnets.

iWorm Mac MalwareWhat is interesting about Mac.BackDoor.iWorm is that it uses the social link-sharing site Reddit to get a list of command and control (C&C) servers.

“[In] order to acquire a control server address list, the bot uses the search service at reddit.com, and—as a search query—specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd,” Dr. Web said in a blog post. “The bot picks a random server from the first 29 addresses on the list and sends queries to each of them. Search requests to acquire the list are sent to reddit.com in five-minute intervals.”

As security expert Graham Cluley explains, Reddit is not to be blamed for the fact that the malware is abusing its platform.

“[Reddit has] done nothing wrong as such, and even if they shut down the accounts that are communicating with the botnet there would be nothing to stop the hackers behind the campaign creating new accounts or using an alternative service (Twitter, perhaps?) to communicate with the compromised computers,” Cluley said.

Dr. Web has also pointed out that the threat uses encryption in many of its routines.

As of September 29, the company had identified a total of 18,519 infected devices, over a quarter of them located in the United States. Infections have also been spotted in Canada, the United Kingdom, Spain, France, the Netherlands, Brazil, Mexico, Australia, Sweden and Russia. It’s uncertain at this point how the malware is being distributed.

Advertisement. Scroll to continue reading.

Earlier this week, researchers at Lacoon Mobile Security reported finding an iOS Trojan which they suspect could be used by the Chinese government against people taking part in the pro-democracy protests in Hong Kong. The malware, dubbed Xsser, is capable of stealing all sorts of sensitive information from infected iOS devices.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...