The Invincible’s Weak Spot – a New Variant of Malware/Spyware on the Mac OS X Platform
by Gaveroid on Sep.12, 2013, under General
Everyone seems to think that Apple’s Mac OS X operating system is 100% virus free – but that’s not true. A new variant of malware has been found that infects Mac OS X machines – here’s more about it, such as how it works, and how you can protect yourself from it.
This new variant of malware (that’s what it’s reported as, I think it’s more towards spyware) has been discovered on OS X by a security company called Intego. The name of the malware is OSX/Tibet.D. It’s a variant of the Tibet viruses, which have been known to infect Macs in the past. This nasty infection enables the attacker to access files on your computer, as well as initiate commands.
According to Mashable, Apple hasn’t yet responded to their request for a comment.
Here’s more on what it does, and how it works (a.k.a. the technical stuff… yay!).
What happens is, a Java applet is ran without asking the user. That installs a Java archive which (once installed) creates a backdoor so the attacker can access the data on your computer.
Now, it’s not the only virus on the Macintosh platform, but it’s one of a select common few. It makes it’s way to your machine using a Java applet on a certain website. Java does not come pre-loaded on Mac OS X, as it has been known to be a big security problem in the past. However, you may install it if you like. If Java is not used in 35 days, it is automatically disabled (but you can re-enable it without reinstalling).
What happens is, a Java applet is ran without asking the user. That installs a Java archive which (once installed) creates a backdoor so the attacker can access the data on your computer as well as run commands. The Java vulnerabilities (which have been recently patched in the latest update) that it uses are CVE-2013-2465 and CVE-2013-2471. If you have not updated your Java to the latest version, I’d recommend doing so… pronto!
According to Intego, the files inside the Java archive are the following (image found at Intego’s website – it can be found at this link).
When that archive is installed, it creates these files:
LaunchAgent is a tool that starts the malware once you reboot the computer. The malware initates the backdoor, known as “AudioService.” What that backdoor does, is it contacts a Chinese command-and-control server. It recieves commands from the attacker through that server, therefore, letting them access the files on your machine.
If you have a Mac, it would be a wise idea to install some kind of antivirus (Intego claims that their VirusBarrier antivirus will protect Macs from that and similar viruses), as well as update Java. Always make sure your programs are updated for added security!
by Gavin Trutzenbach
Looking for something?
Use the form below to search Gaveroid.com:
Still not finding what you're looking for?Contact us so we can take care of it!