Mac Malware Targets Defense Industry of US
A report by Collin Anderson and Claudio Guarnieri, who research Iranian cyberespionage threats, describes malware called MacDownloader that was found on a website posing as the U.S. aerospace organisation United Technologies.
The researchers claimed that the bogus site was used before in a spear-phishing email attack to distribute Windows malware, and it is believed that Iranian hackers maintain it.
Anyone visiting the website is greeted with a page of free programs and courses for employees of the U.S. defense companies Boeing, Raytheon and Lockheed Martin.
The malware is downloaded through an Adobe Flash installer for a video embedded in the site. The website offers either Mac or Windows malware, depending on the visitor's operating system.
PCWorld reported on 7th February, 2017 that the MacDownloader malware was designed to profile the victim's computer and then steal credentials by displaying bogus system login boxes and by extracting them from Keychain, Apple's password management system.
The researchers said that this malware is of poor quality and is possibly a first effort by an amateur developer.
For example, when the malware is installed, it displays a bogus Adobe Flash Player dialog box, only to then announce that adware was detected on the computer, which it will try to remove.
The researchers said that these dialogs are also riddled with basic typos and grammatical mistakes, which indicates that the developer paid little attention to quality control.
The researchers found other circumstantial evidence indicating that this malware is connected to Iran. An exposed server to which the MacDownloader agent uploads revealed wireless networks named "mb_1986" and "Jok3r". Both names have connections with Iranian hacking groups, including one called Flying Kitten, which is believed to target political dissidents and U.S. defense contractors.
Anderson said in an email that one of their colleagues also observed MacDownloader targeting a human rights activist. The researchers said the danger is that several human rights supporters, particularly in Iran, rely on Apple devices. The researchers wrote in their report: "The sudden emergence of this malware is concerning in view of the recognition of Apple computers although this malware is neither full-featured nor sophisticated."
» SPAMfighter News - 13-02-2017