Mac Trojan infects machines through Microsoft Office exploit

A new OS X Trojan, called Backdoor.OSX.SabPub.a, has been discovered. It uses a Java exploit that bypasses malware detection programs. It comes after the discovery of the Flashback Trojan this month.

According to Kaspersky Lab, the Trojan connects to a command and control server and uses a Java exploit with an obfuscator to bypass malware detection programs. Its command and control server is hosted on a VPS in Fremont in the US.

Costin Raiu, Kaspersky Lab expert, said the exploit is being spread through infected Microsoft Office Word documents. It’s linked to the advanced persistent threat (APT) attacks known as Luckycat.

Raiu said attackers took over Kaspersky Lab's ‘goat’ infected machine and began to analyse it. They listed the contents of its root and home folders and stole documents placed there.

Two variants of the Trojan have been discovered, one of which was created in February 2012. The second variant’s original file name was ‘10th March Statemnet’ (sic) which related to a special statement given by the Dalai Lama on 10 March 2011 pertaining to the Tibetan community. As a result, it’s believed the Trojan could be targeting Tibetan activists.

It’s the latest Mac Trojan discovered this month. Earlier, the Flashback Trojan was discovered and infected 600,000 Macs worldwide. Apple has since released software to detect and combat the Flashback Trojan.
