Mac-based Trojan targets Uyghur activists
Human rights attacked online
Security researchers have intercepted a Mac-based Trojan attack targeting Uyghur human rights activists.
The Uyghur are a minority ethnic group that live in Eastern and Central Asia, mostly (but not exclusively) within the geographical borders of China. A run of infected emails sent to Uyghur activists, and intercepted by security researchers at Kaspersky Lab, featured an attached ZIP file, containing a jpg photo and a "MacOS X app".
"The application is actually a new, mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs," writes Costin Raiu, director of Kaspersky Lab's global research & analysis team, in a blog post. The Russian firm detects the malware as Backdoor OSX MaControl-B.
If executed, the malicious application opens a backdoor on compromised Mac computers, periodically querying a command and control server for instructions. This command and control server is located in China.
Human rights activists as well as high-tech firms, government agencies and military contractors have all been targeted for cyber-spying attacks over recent years. Most of these attacks are ultimately aimed at compromising Windows boxes on targeted networks but Mac machines are far from immune from assault. For example, security tools biz AlienVault warned of booby-trapped Microsoft Office designed to infect Macs and targeted against Tibetan activists back in April.
In other malware infecting human right site news. AlienVault’s research team warned on Friday that a large human rights web portal that has been compromised and is serving up malware to site visitors. The ASEAN site* has been hacked to expose visiting surfers to attacks based on a Windows XML Core zero-day vulnerability, AlienVault warns, referencing an advisory on the attack vector by Sophos published earlier last week. ®
*More specifically a Thailand NGO portal related to ASEAN (Association of Southeast Asian Nations) human rights.
virus vs trojan
malware - catch-all term for all types of threats, including trojans, viruses, 3rd party stuff that affects previously authorised software, worms, etc.
virus - self propagating malware. Still no evidence of one that affects Mac OS X.
trojan - requires user intervention. Exists since the dawn of history on most if not all operating systems. Hell, even Multics had one (a prank, but still a trojan).
I kind of expect technically literate people to know the difference. Otherwise, you'll be placed in the same category as the users who, when asked which operating system they're running, claim they're running "Microsoft Office" or "Outlook".
"You have to be a really silly user since OSX already warns that:"
Windows has done that for years. Whilst it's reduced the efficiency of these sort of attacks they do still work.
Anyone who is certain that they never ever would is setting themselves up for an embarrassing fall.