Mac OS X malware discovered on unofficial Dalai Lama website

4 Dec 2012

A new Mac Trojan called Dockster, which exploits a Java vulnerability and logs keystrokes, has been found embedded on an unofficial website dedicated to the Dalai Lama.

Malicious Java applets embedded in the Tibetan site’s homepage exploit the same Java vulnerability used by the Flashback Trojan, which affected around 600,000 Mac computers. This vulnerability has been patched in the latest version of Java, however, and a security memo from Intego describes the risk as low.

If executed, the spyware deletes itself from the location where it was run and installs itself in the user’s home directory under the filename .Dockset. It cannot be seen in Finder, but it can be seen in the OS X Activity Monitor while it is running.

The Trojan has basic backdoor functionality which gives its controller remote access to affected computers and the ability to download additional files. It also includes a keylogger, which means it can record a user’s keystrokes and use this data to obtain commonly used passwords and log-in details.

While the threat is not yet known to be widespread, users are advised to update to the latest version of Java and to install anti-virus software in order to protect themselves against this exploit.

Elaine Burke is the editor of Silicon Republic