Kaspersky Lab has discovered a new Mac OS X backdoor being used for an Advanced Persistent Threat campaign, creating further concern about the security of Apple's desktop operating system.
Researchers at the Russian security firm discovered that Uyghur activists in China were being targeted by hackers, who sent customised emails with a zipped attachment containing malicious Mac code, disguised by a JPEG image.
The code is a new and primarily undetected variant of the MaControl backdoor, which supports both i386 and PowerPC Macs. Once executed, it connects to a Command and Control server, which gives an operator access to files and the ability to run commands on the infected Mac.
Kaspersky Lab found that the Command and Control server utilised in the infection of its research computer was located in China, suggesting the attack originates from within the restrictive country, where activists frequently risk exposure from targeted malware.
“Macs are growing in global popularity, even amongst high-profile people. Many choose to use Mac OS X computers because they believe it’s safer,” said Costin Raiu, Director of Global Research & Analysis at Kaspersky Lab. “However, we believe that as the adoption increases for Mac OS X, so will both mass-infection attacks and targeted campaigns. Attackers will continue to refine and enhance their methods to mix exploits and social engineering techniques to try and infect victims. Just like PC malware, this combination is commonly the most effective and cybercriminals will continue to challenge Mac OS X users’ security, both technically and psychologically.”
Macs were largely considered more secure than Windows-based computers for years, often leading to many users not installing any anti-virus software. However, hackers are beginning to target Apple's software more often and many users are paying the price for security complacency.