New Mac Trojan 'SabPub' Found Hiding in Word Document
A new Trojan horse named SabPub which uses a malicious Word documnet to infect computers runnign Apple's Mac OS platform has been discovered by security experts.
The Trojan - which goes by the full name of Backdoor.OSX.SabPub.a - connects the infected Mac to a remote website and waits for instructions; these can include executing commands or taking screenshots. A group of these infected computers, called a botnet, can be used to devastating effect by the person in control.
Taking screenshots and sending them to the person in control, could have the potential to capture sensitive personal and financial information without the user being aware of the security breach.
Two weeks ago, a Russian security company, Dr. Web, identified another Mac trojan, called Flashback, which had infect 600,000 Macs worldwide. While Apple has since issued software to identify and remove the malware, Rik Ferguson, Director Security Research & Communication EMEA at Trend Micro, told IBTimes UK last week that Apple has not reacted quickly enough to these sort of threats.
Speaking about the new malware discovered, Costin Raui, a kaspersky Lab expert, wrote on the Securelist blog: "The Java exploits appear to be pretty standard, however, they have been obfuscated using ZelixKlassMaster, a flexible and quite powerful Java obfuscator. This was obviously done in order to avoid detection from anti-malware products."
Security expert Graham Cluley wrote on the Naked Security blog: "A new version of the Mac OS X Sabpab Trojan horse has come to light, and rather than relying upon a Java vulnerability - it appears to be exploiting malformed Word documents instead.
"If you open the booby-trapped Word document on a vulnerable Mac, a version of the OSX/Sabpab Trojan horse gets installed on your computer opening a backdoor for remote hackers to steal information or install further code."
Cluley adds that the decoy is a simple Word document that is transferred on to the user's hard drive and displayed to act as a camouflage - he also points out that Mac users may be caught out by SabPub as it does not ask for your username or password before getting to work.
Highlighting the importance of being aware of malware attacks like SabPub, Cluley said: "So, any Mac users who believe that they have protected themselves because they don't use Java probably needs to realise that that's not an effective defence. And although there's no reason to believe that this attack is widespread, it's clearly time for some people to wake up to the reality of Mac malware.
"Mac users - please get an anti-virus, for goodness sake."
© Copyright IBTimes 2024. All rights reserved.