Attackers set sights on Mac OS X with Apple malware toolkit

Robert Westervelt, News Director

The growing success of Apple’s Mac OS, bolstered by iPhone sales and new iPad tablet users, has caught the attention of cybercriminals who are setting their sights on Apple users.

Danish IT security firm CSIS Security Group has stumbled upon a new crimeware toolkit targeting Mac OS X. Security researchers at the organization discovered the toolkit being sold in low numbers on several black hat hacking forums.

Called the Weyland-Yutani BOT, the toolkit sports an intuitive GUI and supports encryption, a capability needed to evade detection by antimalware software. Weyland-Yutani is a fictional corporation in the movie Alien. The researchers noted it also has advanced features, enabling savvy cybercriminals to augment it with additional capabilities and malware.

The cybercriminals behind the toolkit say they plan a version that could target iPad users as well as a version designed to work on Linux machines. Mac OS X is built on a UNIX foundation.

Currently, the toolkit targets Firefox users. Google Chrome and Safari support is expected in future versions.

“The CSIS eCrime Unit is in possession of videos documenting both the admin panel and its functionality, as well as the builder itself,” wrote Peter Krause, a CSIS partner and security specialist, on the CSIS Security Group blog. “Both video clips prove this kit to be fully operational already.”

Fake antivirus campaign hits Mac users hard

Mac users are inundating a support forum with posts about a new rogue antivirus campaign that appears to be targeting users of Mac OS X. The fake antivirus is a copy of the MacDefender program laden with malware. Once a victim downloads the files, the pesky software detects phony malware on the victim’s computer and downloads additional Trojans.

The rogue antivirus is believed to be spreading via drive-by attacks from infected websites. The Trojan can automatically open in Safari as a zipped installer. Mac users have inundated the Apple support forums requesting instructions on how to remove the rogue MacDefender software. One victim said his computer was infected while browsing images via Google. 

Mac users have increasingly fallen into the crosshairs of attackers. Last year, cybercriminals designed an Apple phishing campaign using a website posing as an Apple Store. Malware has also surfaced targeting users of jailbroken iPhones.

Santa Clara, Calif.-based McAfee Inc., now part of Intel Corp., predicted in December that Apple users would gain the attention of cybercriminals. The security vendor said the growing popularity of Apple devices and the lack of user understanding of proper security controls could snowball into bigger, more successful attacks against Apple users.