FireEye - OS X Systems Being Hit with Windows Trojan

Security firm FireEye recently analyzed a new Mac version of the XSLCmd backdoor Trojan, which has been around since 2009. The Mac version shares a major portion of its code with the Windows version.

Computerworld.co.nz published a report on 6th September, 2014 quoting security researchers as saying, "The backdoor code was transferred to OS X from a backdoor of Windows which has been used widely in targeted attacks during the past many years and has also been updated several times in the process."

XSLCmd can open a reverse shell, transfer and list files and install more malware on an infected computer.

However, the OS X version has more functionality than the Windows version: it allows victim monitoring through key logging and capturing the computer screen.

The backdoor copies itself to "$HOME/Library/LaunchAgents/clipboardd" as a Mach-O executable file and generates a file inside the same folder which ensures that the threat is launched whenever the user logs in.
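A defender can check for the persistence pattern described above. The following is an added example, not code from FireEye or from this article: it flags Mach-O files stored in a LaunchAgents folder and agent property lists that start a binary from that same folder. It assumes the folder normally holds only property lists; the function names and the sample plist names are constructed for illustration.

```python
import plistlib
import struct
import tempfile
from pathlib import Path

# Mach-O magics: thin 32/64-bit and fat (universal), in both byte orders.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}

def is_macho(path):
    """True if the file begins with a Mach-O or fat-binary magic number."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS

def agent_program(path):
    """Executable a launch agent plist starts, or None if there is none."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
        program = job.get("Program") or job["ProgramArguments"][0]
    except Exception:  # not a plist, or no program entry
        return None
    return program if isinstance(program, str) else None

def audit_launch_agents(agents_dir):
    """Return (file name, reason) pairs for entries that merit review."""
    agents_dir, findings = Path(agents_dir), []
    for entry in sorted(p for p in agents_dir.iterdir() if p.is_file()):
        if is_macho(entry):
            findings.append((entry.name, "Mach-O executable stored in LaunchAgents"))
        elif (prog := agent_program(entry)) and Path(prog).parent == agents_dir:
            findings.append((entry.name, "agent starts a binary inside LaunchAgents"))
    return findings

def build_sample(root):
    """Constructed test data: magic bytes stand in for the dropped binary."""
    d = Path(root) / "LaunchAgents"
    d.mkdir()
    (d / "clipboardd").write_bytes(struct.pack(">I", 0xFEEDFACF) + b"\0" * 28)
    jobs = {"constructed.agent.plist": str(d / "clipboardd"),
            "constructed.benign.plist": "/usr/bin/true"}
    for name, prog in jobs.items():
        (d / name).write_bytes(plistlib.dumps({"Label": name, "ProgramArguments": [prog]}))
    return d

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reason in audit_launch_agents(build_sample(tmp)):
            print(f"{name}: {reason}")
```

On a real system, pass `Path.home() / "Library" / "LaunchAgents"` to `audit_launch_agents` instead of the constructed sample folder.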

The malicious program checks the version of the operating system (OS) during installation, and the check shows that versions later than Mountain Lion (10.8) are not accounted for. This indicates that the malware writers either struck victims who were running this version of OS X or produced the strain specifically for Mountain Lion, the ninth major release of OS X.

FireEye identifies its author as "GREF", a name the firm coined because of the group's use of Google references in its work, and believes that GREF is the only group using this malware on Mac or Windows.

Computerworld.co.nz reported on 6th September, 2014 that GREF has traditionally targeted a wide range of organizations, including the US Defense Industrial Base (DIB), engineering and electronics companies across the world, and foundations and other NGOs, especially those with interests in Asia.

Remote-control tools and surveillance targeted at Mac users are not common. However, AlienVault, a security tool vendor, documented an Office for Mac attack two years ago that targeted Tibetan non-government organizations.

Kaspersky Lab, a Russian security firm, discovered that the so-called Icefog group hit military and media outlets in Japan and South Korea last year after developing backdoor-installing malware that worked on both Windows machines and Macs.

» SPAMfighter News - 9/13/2014
