Mac Trojan infects machines through Microsoft Office exploit


16 Apr 2012

A new OSX Trojan, called Backdoor.OSX.SabPub.a, has been discovered. It uses a Java exploit that bypasses malware detection programs. It comes after the discovery of the Flashback Trojan this month.

According to Kaspersky Lab, the Trojan connects to a command and control server and uses a Java exploit with an obfuscator to bypass malware detection programmes. Its command and control server is hosted on a VPS in Fremont in the US.

Costin Raiu, Kaspersky Lab expert, said the exploit is being spread through infected Microsoft Office Word documents. It’s linked to the advanced persistent threat (APT) attacks known as Luckycat.

Raiu said attackers took over Kaspersky Lab’s infected ‘goat’ machine and began to analyse it. The contents of its root and home folders were listed, and documents placed there were stolen.

Two variants of the Trojan have been discovered, one of which was created in February 2012. The second variant’s original file name was ‘10th March Statemnet’ (sic) which related to a special statement given by the Dalai Lama on 10 March 2011 pertaining to the Tibetan community. As a result, it’s believed the Trojan could be targeting Tibetan activists.

It’s the latest Mac Trojan discovered this month. Earlier, the Flashback Trojan was discovered, having infected 600,000 Macs worldwide. Apple has since released software to detect and combat the Flashback Trojan.
