Syrian Electronic Army implicated in Mac malware attacks
The Mac Trojan creates a backdoor and appears to have been used in a targeted attack, according to security company Intego. Thankfully for users, the “threat level appears to be low”, even if users have had machines infected.
When the malware connected to machines, it pinged the system to check the connection was active and then tried to download an image related to the Syrian Electronic Army.
Mac Trojan trouble
“It’s advised that users keep all their software, particularly operating system, browsers and browser plugins (such as Flash and Java if applicable) up to date as exploits are common ways for such attacks to spread,” Intego said in a blog post.
The company said it was not sure how the malware was getting onto users’ machines, but it was likely through spear phishing emails or a watering hole attack, where users visit a website containing malicious code. Both are tactics that have been employed by the Syrian Electronic Army.
Despite the lack of worrisome functionality, the malware seems to be doing a good job of avoiding Mac security protections.
“The Mac Trojan hides itself from the Dock and Cmd-Tab Application switching. It then opens the JPEG image inside the Application bundle with the standard OS X application Preview, which fools the user into thinking that it was just an image file,” Intego added.
“The Trojan application installs a permanent backdoor that allows the attacker to send a variety of commands.”
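The behaviour Intego describes, an application hidden from the Dock and Cmd-Tab that carries a JPEG inside its own bundle, can be turned into a triage check. The following is an added example, not code from Intego or the article; it assumes the hiding is done with the standard `LSUIElement` or `LSBackgroundOnly` keys in `Info.plist`, which the article does not state, and the sample bundles it builds are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumption: standard Info.plist keys that keep an app out of the Dock and Cmd-Tab.
HIDE_KEYS = ("LSUIElement", "LSBackgroundOnly")
IMAGE_SUFFIXES = {".jpg", ".jpeg"}

def _truthy(value):
    # These flags appear in the wild as <true/>, 1, "1" or "YES".
    if isinstance(value, str):
        return value.strip().lower() in {"1", "yes", "true"}
    return bool(value)

def triage_bundle(app):
    """Return a finding if the bundle hides from the Dock and ships a JPEG."""
    try:
        with open(app / "Contents" / "Info.plist", "rb") as fh:
            info = plistlib.load(fh)
    except Exception:  # missing, unreadable or malformed plist
        return None
    if not isinstance(info, dict):
        return None
    hidden = [k for k in HIDE_KEYS if _truthy(info.get(k))]
    images = sorted(p.relative_to(app).as_posix() for p in app.rglob("*")
                    if p.is_file() and p.suffix.lower() in IMAGE_SUFFIXES)
    if hidden and images:
        return {"bundle": app.name, "hidden_by": hidden, "images": images}
    return None

def scan(root):
    """Triage every .app bundle below root (for example /Applications)."""
    apps = sorted(p for p in Path(root).rglob("*.app") if p.is_dir())
    return [f for f in map(triage_bundle, apps) if f]

def build_sample(root):
    """Constructed bundles for demonstration; not real samples."""
    specs = {"Photo.app": ({"LSUIElement": True}, True),      # hidden + image
             "Editor.app": ({"CFBundleName": "Editor"}, True),  # image only
             "Helper.app": ({"LSUIElement": "1"}, False)}       # hidden only
    for name, (info, with_image) in specs.items():
        res = Path(root) / name / "Contents" / "Resources"
        res.mkdir(parents=True)
        with open(res.parent / "Info.plist", "wb") as fh:
            plistlib.dump(info, fh)
        if with_image:
            (res / "picture.jpg").write_bytes(b"\xff\xd8\xff\xe0")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in scan(tmp):
            print(finding)
```

Legitimate menu-bar agents also set these keys, so a hit is a lead for manual review rather than a verdict.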