New Trojans Use Old Tricks To Infiltrate Macs

The adage that Apples don’t get viruses might soon prove to be false. Security analysts have identified a pair of Trojans aboard the computers of multiple pro-Tibetan NGOs that appear to infiltrate Macs using the same exploit that’s worked on Windows systems for years.

Giz Au Editor’s Note: This story originally stated that iOS devices were likely to be affected; that wasn’t the case (or the point of the article) and I’ve amended it accordingly.

Security analysts at Alien Vault have identified a pair of Trojans that infiltrate computer systems by posing as innocuous Word documents and activating when opened. Once on the system, the Trojans send the infected machine’s computer name, user name and domain name to a remote server, establishing back door access for the attacker. “The purpose here clearly is information stealing,” said Alexis Dorais-Joncas, Security Intelligence Team Leader at ESET.

As Apple products gain wider and wider acceptance among both consumers and governments, the rewards for exploiting them increase proportionately. “What [attackers] have been installing via APT-style, targeted attack campaigns for Windows, they’re now starting to do for Macs, too,” said Ivan Macalintal, a security researcher at Trend Micro. This is especially true in the case of the Tibetan NGOs.

The C&C portion of the Trojans appears to communicate with a server somewhere in China, which would indicate that the infection was both politically motivated and specifically designed to attack Mac-centric organisations. “While APT-for-Mac isn’t exactly new, it does seem like the attackers are catching on that many of these organisations use Macs more than the general public,” Seth Hardy, a Senior Security Analyst for Citizen, wrote to Ars Technica.

“It’s also interesting that the attackers are developing multi-platform attacks: we’ve seen the Mac malware bundled with similar Windows malware, and the delivery system will identify the user’s operating system and run the appropriate program.” [Alien Vault via Ars Technica]