Think Apple Computers are Immune to Malware?
There is a new attack that shows otherwise.
There is new malware attacking macOS systems that can steal your iPhone backups and passwords.
And we think it comes from the same hackers responsible for the 2016 election attacks.
For the last few decades people have believed that macOS is not vulnerable to malware and viruses.
For a long time this was true. However, now that Apple's macOS systems have a bigger market share, they are a bigger target.
According to Bitdefender research, macOS is being targeted by a new and very cunning kind of malware. Bitdefender thinks it was developed by APT28 (aka Fancy Bear), the same Russian government affiliate responsible for the hacks and leaks of the 2016 election.
The malware can steal passwords, capture live screenshots, and even duplicate iPhone backups because, like its cousins on other platforms, it is built on Xagent.
How this new malware works
It infects macOS systems using the Komplex downloader. Komplex is malware in its own right that uses other programs to steal data. Delivery is usually accomplished through spear-phishing attacks carrying infected DMG files and executables. Through its command and control servers, Komplex infects the macOS host while posing as official Apple servers so as to avoid detection.
Once it has infected a machine, Komplex sees everything going on in the compromised system. It can also download modules that let it log keystrokes, steal passwords, list active processes, index files, take screenshots, and even copy iPhone backups, all without you knowing.
Did it really originate in Russia?
Bitdefender believes it was developed by the Russian government actor APT28. Bitdefender also says that it is identical to the Sofacy/APT28/Sednit Komplex OSX Trojan, noting that a number of modules in the macOS Xagent module resemble spyware APT28 developed to target Windows and Linux machines.
If true, it seems that your stolen data is going to Russia. What Russia is going to do with this information, god only knows. Whatever it is, it isn't good news for personal or business macOS users.
How to protect your network
2. macOS systems should not be allowed to download executable programs that aren't from the App Store or another safe source. If users are allowed to download and run any software they want, it's only a matter of time before APT28 or another piece of malware takes control of a machine.
3. Educate users on phishing prevention, security best practices, and the proper use of BYOD computers for business. Machines can't be infected if users follow safe practices.