
Fourth Version of Notorious Mac Focused Malware Detected

According to security researchers at security firm Intego, a fourth variant of the notorious Mac-focused malware used for stealing data from the systems of Tibetan activists, known as OSX/Tibet.D, has been discovered in the wild.

The malware was first discovered in China in March 2012. Its sole purpose is cyber espionage, and it was dubbed "Tibet" because it was specifically found in e-mails targeting Tibet-based activists.

Itweb.co.za published a news report on 17th September, 2013, quoting Lysa Myers, Security Researcher at Intego, as saying "OSX/Tibet.D has learned some cunning new tricks."

She says that the attack arrives via a Java applet on a website, drops a Java archive with the backdoor, and launches it without user interaction by means of a Java vulnerability.

The malware uses two recently fixed Java flaws known as 'CVE-2013-2465' and 'CVE-2013-2471'.

Once installed, the malicious code opens a hush-hush backdoor to the affected machine, giving the cybercriminals access to documents on the machine as well as the ability to run commands.

The first file is named '/Library/LaunchAgents/com.apple.AudioService.plist', and it makes sure that the malicious software is executed on every startup. The second file is named '/library/Audio/Plug-Ins/Components/AudioService', which is the real backdoor.
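A defensive check for the persistence mechanism described above, as an added example that is not code from Intego or from the original article: it audits one launch agent plist for the two reported paths. The two heuristics (an Apple-style label outside /System/Library, a job target inside the audio plug-in tree) and the sample plists are assumptions constructed for this example.

```python
import plistlib

# The two paths reported in the article, lower-cased for comparison because
# the default macOS filesystem is case-insensitive.
REPORTED_PATHS = {
    "/library/launchagents/com.apple.audioservice.plist",
    "/library/audio/plug-ins/components/audioservice",
}

def launch_target(job):
    """Return the executable a launchd job starts, or '' if none is set."""
    args = job.get("ProgramArguments") or [""]
    return str(job.get("Program") or args[0])

def audit_launch_agent(plist_path, plist_bytes):
    """Return a list of findings for one launch agent plist."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    findings = []
    target = launch_target(job)
    if plist_path.lower() in REPORTED_PATHS:
        findings.append("plist path matches the reported launch agent")
    if target.lower() in REPORTED_PATHS:
        findings.append("job starts the reported backdoor path")
    # Heuristic (assumption of this example): an Apple-style label on a job
    # that is not installed under /System/Library deserves a second look.
    if str(job.get("Label", "")).startswith("com.apple.") and \
            not plist_path.startswith("/System/Library/"):
        findings.append("com.apple.* label outside /System/Library")
    # Heuristic (assumption): launchd jobs do not normally run executables
    # stored in the audio plug-in tree.
    if "/audio/plug-ins/" in target.lower():
        findings.append("job target inside an audio plug-in directory")
    return findings

# Constructed samples, not captured from a real infection.
SUSPECT = plistlib.dumps({
    "Label": "com.apple.AudioService", "RunAtLoad": True,
    "ProgramArguments": ["/library/Audio/Plug-Ins/Components/AudioService"],
})
BENIGN = plistlib.dumps({
    "Label": "org.example.updater", "Program": "/usr/local/bin/updater",
})
```

To audit a real machine, pass each file under /Library/LaunchAgents and ~/Library/LaunchAgents to `audit_launch_agent` and review any non-empty result by hand, since the heuristics can flag legitimate software.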

However, for now, the threat level is small unless you are a Tibetan activist.

"I suppose that Apple will slipstream uncovering for it into XProtect.plist sooner. In any case, its real stretch is almost surely as light as you'd anticipate from targeted malware," said David Harley, a Senior Research Fellow at ESET, as published by infosecurity-magazine.com on September 16, 2013.

Even though this particular Mac-malware is not liable to be bumped into by anybody who is not a lively opponent of China in Tibet, it's apparent that sophisticated cybercriminals are engrossed in infecting machines and using malicious software to spy upon their anticipated victims, said Independent Security Researcher Graham Cluley, as published by grahamcluley.com on September 12, 2013.

Mac users should wake up and run good-quality AV software as much as their Windows cousins, and it is important to stress the significance of keeping servers and the software running on them updated against security flaws, to reduce the probability of cyber crooks implanting malicious code.

» SPAMfighter News - 9/24/2013
