Mac Malware Targets Dalai Lama Supporters

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Onlookers believe Tibetans are being targeted again

Fresh malware targeting Mac OS X has been seen spewing out of a website related to the Dalai Lama, a significant figure in Tibetan Buddhism.

The Dockster malware is using a Java-based exploit to break into people’s machines, security company F-Secure warned. The site in question is, and is not the official site, although it appears the two are related.

The malware itself has one similarity with the Flashback malware, which hit over 600,000 Mac machines, as they both exploited the same vulnerability.

Dalai Lama sites targeted

“Current versions of Mac OS X and those with their browser’s Java plugin disabled should be safe from the exploit,” an F-Secure blog read.

“The malware dropped, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities.” The malware can also infect Windows users.

This is not the first time Dalai Lama supporters have been targeted. In November, Sophos said it had spotted a variant of the Imuler Mac Trojan spread alongside images of Tibetan organisations.

Earlier this year, Tibetan non-governmental organisations were targeted by another Mac Trojan, called MacControl.

Fingers have pointed at China in attacks on Tibetan digital infrastructure. China says it will decide who the next Dalai Lama is, but the current Dalai Lama has claimed the next in line could either be a woman or come from outside of Tibet.

In September, security firm AlienVault said it had discovered the creator of the PlugX Remote Access Tool (RAT), which had been used by hackers from various countries to target Tibet. The creator hailed from China.

Think you’re a security pro? Try our quiz!