MacOS Version of Xagent Seizes Screenshots, Passwords and Especially iPhone Backups
A new variant of the Xagent malware, reportedly created by the Russian hacking group APT28, has been detected, and this variant targets Mac users.
Anti-virus company BitDefender explains in a blog post that Xagent was previously used to break into iOS, Windows, Linux and Android devices, and that it is now infiltrating Macs as well. The variant is the only edition of Xagent found so far that is believed capable of infecting Macs.
BitDefender determined that the malware is a version of X-Agent (also referred to as Xagent), a malicious program that earlier targeted Linux and Windows computers. The security firm traced similarities in the code, established its connection with APT28, and stated that it was being spread via a familiar Trojan, the Komplex installer. Macobserver.com reported this on February 14, 2017.
The creators of Xagent's macOS version built it to take screenshots, harvest passwords and, most importantly, access iPhone backups in order to seize data belonging to the original iOS device. BitDefender says its earlier analysis of malware strains attributed to APT28 shows several resemblances between the Xagent component that Sofacy/APT28/Sednit uses against Linux/Windows and the newly discovered macOS binary that the company is investigating. As in the earlier variants, similar modules exist, such as RemoteShell, KeyLogger and FileSystem, along with a comparable network module known as HttpChanel.
Another resemblance is the Xagent binary's file path, which indicates that its author is the same person behind Komplex, a first-stage Trojan that Sofacy uses to infect targeted systems. Komplex was discovered in September by security researchers at Palo Alto Networks. BitDefender's researchers suspect that Komplex planted the macOS edition of Xagent.
APT28 is known as a highly advanced and successful cyber-espionage group operating worldwide, and it often abuses zero-day exploits, that is, attack code for previously unknown security flaws. The group has allegedly carried out many hacking attacks worldwide over the years, with its targets often reflecting Russia's geopolitical interests. According to security researchers, the group is most likely connected with the GRU, Russia's military intelligence service.
SPAMfighter News - 20-02-2017