
Newest Mac Malware is Snatching Passwords

The antivirus firm that discovered the Flashback Trojan, Dr. Web, has discovered another family of Mac-based malware that targets passwords. In addition to Mac OS X, this malware also targets Linux installations.


It isn’t clear how the malware spreads, the security company explained in a blog post, but examination showed that it clearly targets passwords entered into a number of Internet applications on Mac OS X and Linux.

Additional examination shows that the malware uses AES to communicate with its C&C, and will create a working copy of itself in the user’s home directory. The backdoor will act as a keylogger and targets passwords entered by the user in Opera, Firefox, Chrome, and Chromium, and passwords stored by such applications as Thunderbird, SeaMonkey, and Pidgin.

For now, the only true mitigation (aside from signatures and the likely chance that heuristics will flag the malware) is to block communication with the main control server at the IP address 212.7.208.65.

Dr. Web is still investigating the malware’s origins, but they are calling the newly discovered OS X backdoor Wirenet.

As mentioned, Dr. Web is credited with discovering the Flashback Trojan, which is responsible for the largest OS X-based botnet in history. According to recent figures, and a report from the firm recapping the year’s malware statistics, Flashback is still a legitimate concern.

“Despite the fact that more than four months have passed since the discovery of the largest-ever Mac botnet, comprised of machines infected with Backdoor.Flashback.39, it would be premature to talk about its dissolution. At the moment, the botnet consists of 126,781 infected machines, which is 21,711 fewer hosts than at the end of July. In general, the rate of the BackDoor.Flashback.39 botnet’s reduction has declined noticeably (the malicious network was losing 76,524 machines a month until August),” the report explains. 
