Once again, Apple's OS X is being confronted with a security risk. The latest backdoor has been discovered by Russian security firm Kaspersky Lab and is being used as part of an Advanced Persistent Threat (APT) campaign. This is just the latest in a series of security risks present in the Mac OS X operating system.
Kaspersky researchers found that Uyghur activists in China were being targeted by hackers. These hackers sent e-mails with a malicious attachment posing as a JPEG. The code hidden inside the JPEG was a new variant of the MaControl backdoor and is compatible with both PowerPC and i386 Macs.
The researchers found that the Command and Control server that the malware was reporting back to was located in China. This suggests that it could be the government trying to keep tabs on these activists. For years, users believed that Mac OS X was safer than Windows. However, with all of these recent outbreaks, people are starting to realize this is not the case.
It had seemed safer because few hackers targeted Macs, given their low market penetration. Apple has now recognized the changed times and removed a claim from its website that Macs were not susceptible to the same malware as Windows PCs. Clearly, the company is no longer sure this is the case.
Most recently, Kaspersky Lab researchers found that cyberthreats targeting the Mac OS X platform have been used as part of a comprehensive campaign against Uyghur activists (apparently presumed to be using Macs), in which customized e-mails carried attached ZIP files containing a malicious Mac OS X backdoor.
Like countless threats targeting Windows, the malicious ZIP file is delivered through a phishing attack that relies on social engineering, enticing victims with what appears to be a JPEG photo but actually masks the malware.
The Mac OS X attack appears to be a new threat, detected as the most recent variant of the MaControl backdoor Trojan, which supports both i386 and PowerPC Macs. Once it gains entry, the Trojan installs itself on the Mac and immediately connects to its command and control server, which appears to be located in China, for instructions. The backdoor then has the ability to list and transfer files, as well as run commands on the victim's Mac at the discretion of the malware's operators.
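As an added illustration of the delivery mechanism described above (not code from the article or from Kaspersky Lab), the following constructed Python scanner inspects the entries of a ZIP attachment and reports any Mach-O executable, including universal binaries carrying both i386 and PowerPC slices, flagging those whose file name suggests an image. The sample archive, file names and slice values are constructed for this example only.

```python
import io
import struct
import zipfile

FAT_MAGIC = 0xCAFEBABE  # universal binary header (also the Java class magic, hence the cap below)
THIN_MAGICS = {0xFEEDFACE: ">I", 0xFEEDFACF: ">I", 0xCEFAEDFE: "<I", 0xCFFAEDFE: "<I"}
CPU_NAMES = {7: "i386", 18: "powerpc", 0x01000007: "x86_64"}
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")

def macho_architectures(data):
    """Return the CPU architectures of a Mach-O blob, or [] if it is not Mach-O."""
    if len(data) < 8:
        return []
    magic = struct.unpack(">I", data[:4])[0]
    if magic == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        if not 0 < nfat <= 16 or len(data) < 8 + 20 * nfat:  # real fat headers are small
            return []
        # Each fat_arch record is 20 big-endian bytes; cputype is its first field.
        return [CPU_NAMES.get(struct.unpack(">I", data[8 + 20 * i:12 + 20 * i])[0], "unknown")
                for i in range(nfat)]
    if magic in THIN_MAGICS:  # thin Mach-O: cputype endianness follows the magic's byte order
        return [CPU_NAMES.get(struct.unpack(THIN_MAGICS[magic], data[4:8])[0], "unknown")]
    return []

def scan_zip_attachment(zip_bytes):
    """List every Mach-O entry in a ZIP attachment; 'disguised' marks image-like names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                archs = macho_architectures(fh.read(4096))  # header is enough to classify
            if archs:
                findings.append({"name": info.filename, "archs": archs,
                                 "disguised": info.filename.lower().endswith(IMAGE_SUFFIXES)})
    return findings

def build_sample_zip():
    """Constructed sample: a fake i386+PowerPC universal binary named like a photo, next to a real JPEG header."""
    fat = struct.pack(">II", FAT_MAGIC, 2)
    fat += struct.pack(">IIIII", 7, 3, 4096, 64, 12)   # i386 slice: cputype, subtype, offset, size, align
    fat += struct.pack(">IIIII", 18, 0, 8192, 64, 12)  # PowerPC slice
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", fat + b"\x00" * 128)
        zf.writestr("real.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    return buf.getvalue()
```

Running `scan_zip_attachment(build_sample_zip())` reports only `photo.jpg`, with architectures `['i386', 'powerpc']` and `disguised` set; a real JPEG header is ignored.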
The new MaControl variant is the latest in a string of APT-driven attacks this year targeting the Mac OS X platform. In April, Kaspersky Lab researchers detected an active APT campaign, known as SabPub, which targeted Mac OS X by exploiting a vulnerability in MS Office running on the platform. Once the Trojan was installed on a victim's Mac, it could take screenshots of the user's current session and execute commands on the infected computer.
Prior to that, the Flashback Trojan ran rampant on users' Macs, creating a botnet composed of more than 700,000 infected computers.
While Mac threats haven't yet reached the same heights as their Windows counterparts, their numbers are rising steadily and will continue to grow, thanks in large part to Mac OS X's rising market share.
That said, the barrage of new Mac threats could open up new opportunities for security partners with tried-and-true mechanisms long deployed in Windows environments. For one, the rising tide of Mac threats could easily pave the way for channel partners to add Mac security products and mechanisms to their portfolios.
Also, unlike in previous years, the highly publicized spate of Mac threats will allow partners to simply start conversations with their customers about securing their Mac environments.
Historically, with market share in the single digits, Mac OS X has not been a highly lucrative target for cyber criminals. As such, Macs became known as the "secure" platform, lulling users into a false sense of security and making them largely resistant to any external security product or best practice.
But that might be changing. As threats targeting the Mac platform continue to emerge, many users will have to play "catch-up" on everything from security best practices and awareness to products and management for Mac environments.
Those knowledge gaps leave potential windows of opportunity for the channel, enabling partners to essentially go back to square one with basic security consulting services and standard security software dedicated to a Mac OS X platform once thought to be immune to threats.