New Mac Malware, SabPub, Used In Targeted Attacks

Researchers at Kaspersky Lab say a new malicious program, dubbed SabPub, exploits the same Java security hole as the Flashback Trojan and enables targeted attacks against Mac users.

The new malware was identified in a blog post by Kaspersky Lab expert Costin Raiu on Saturday and is described as a “custom OS X backdoor” application, which gives attackers access to infected systems. The warning comes as infections linked to the Flashback program have begun to wane, after Apple followed the lead of other firms, releasing a program to detect and remove infections linked to the malware. 

SabPub appears to date to mid-March and components of the malware were first detected in the wild on April 2nd and April 12th – both in China, according to the post on the Securelist blog.

SabPub works like other downloaders, which are the workhorses of the malware world. After infecting a vulnerable OS X machine, it connects to a Web site that is part of a command and control network on the Internet. From there, it receives and runs instructions to download other malicious components that can be used to log keystrokes, enroll the infected host in a botnet, and so on. Raiu said that clues in the malware suggest that it is still under development.

The appearance of another Mac-focused malicious program will be more bad news for Apple corp., which has long marketed its Mac systems as safe from viruses, worms and other kinds of malicious code. The recent appearance of a botnet consisting of some 500,000 infected Macs casts doubt on those claims, while the appearance of SabPub suggests that Mac-focused malware may become an endemic problem for Mac systems, as it is for those running Microsoft Windows. The emergence of a Mac malware ecosystem may also force changes on Mac users. A recent report suggested that many Mac users were running vulnerable versions of the Java software, exposing them to the Flashback Trojan. 

Discussion

  • Anonymous on

    Apple's plan is to close OS X in favor of iOS like on the iPad/iPhones. No Flash, no Java etc., all software comes from Apple.
  • Anonymous on

    fare    hi

  • tm on

    That strategy won't help them, because they leave holes in software, too.

    (e.g. Safari...)

  • Anonymous on

    People just had to click on 'Macs are impenetrable to viruses and trojans' on the poll, didn't they?

  • Anonymous on

    This is the first time the poll actually worked for me!

  • Randy Grein on

    Hmm, the poll works!

    Interesting that the poll groups trojans and viruses together. On a Mac the first are a bit of a problem, the second not so much. Still, I suppose that as prevention and cure are largely the same for both it doesn't make THAT much difference.

    BTW, I voted 'Yes'. I already use AV software on my Macs and have for a few years. It made sense to prepare for the day it was actually needed, and here we are. Just because Macs are mostly virus and trojan free (2% infection rate is tiny compared to the PC world) is no reason to tempt fate. The 'impenetrable' choice is just silly; a troll masquerading as a poll question. Of course, on the PC side I've been using one AV product or another for 20 years, and have worked with many customers to clean up malware infections. There were plenty of businesses (and consultants!) who insisted that the virus problem was a myth designed by security people to scare people into spending money, right up to the point they got hit.

     

  • mukoka alvin on

    I want quick updates for Kaspersky
