Just as the Mac Flashback malware has begun to decline, security researchers at Kaspersky Lab, Sophos and Intego are talking about a new Trojan horse that targets Apple Macs using the same security flaw in Java that Flashback exploited.
The new malware—dubbed “SabPub” by Kaspersky and “Sabpab” by Sophos and Intego—is what the researchers are calling a basic “backdoor” Trojan horse, which can steal information from infected systems.
“[J]ust like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac,” Graham Cluley, senior technology consultant at Sophos, said in an April 13 post on the company’s NakedSecurity blog. “The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.”
The Sabpab Trojan creates files and then sends encrypted logs back to the command-and-control (C&C) server, enabling the hackers to monitor the activity on the system, Cluley wrote.
Costin Raiu, a security expert for Kaspersky, said in an April 15 post on the company’s SecureList blog that researchers there had set up a fake infected system to monitor the malware and had been watching it. The malware, he said, linked back to a C&C server with the same IP address that had been used in other malware samples found targeting Macs last year.