
Russian hackers are targeting Macs

16 February 2017


Putin orders another soft target


After gaming the US election to help Donald (Prince of Orange) Trump win, Tsar Vlad Putin has ordered his tame hackers to target Mac users.

Security researchers have discovered a macOS malware program which comes from the same tool set used by the Russian cyberespionage group blamed for hacking into the US Democratic National Committee last year.

The group - known in the security industry under different names including Fancy Bear, Pawn Storm, and APT28 - has been operating for almost a decade. It is believed to be the sole user and developer of a Trojan program called Sofacy or X-Agent.

X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan.

It is thought that a macOS malware downloader dubbed Komplex, found in September, might be involved.

Komplex infected Macs by exploiting a vulnerability in the MacKeeper antivirus software, according to researchers from Palo Alto Networks who investigated the malware at the time. The vulnerability allowed attackers to execute remote commands on a Mac when users visited specially crafted web pages.

The malware appears designed to probe the system for hardware and software configurations, grab a list of running processes, execute additional files, take desktop screenshots, and harvest browser passwords. One module is designed to search for and steal iPhone backups stored on Macs, which can contain further sensitive information about the targeted users.

It is not clear why Tsar Putin wants to hack Macs. While they are a soft target, the most he is going to score is a few Coldplay collections and some badly typed essays from a kid writing about what he did in his holidays.

It might be part of a wider Putin campaign against “homosexual gay decadence” which Apple has become associated with in Russia.

Last modified on 16 February 2017