Mac Backdoor Used in Campaign Targeting Chinese Dissidents

By Lucian Constantin, 2-Jul-2012

Mac OS X backdoor distributed by email-based attack campaign targeting Uighur activists.

A new Mac OS X backdoor is being distributed as part of email-based attacks against Uighur activists, according to security researchers from antivirus firm Kaspersky Lab.

The Uighur are a Turkic ethnic group living primarily in the Tarim Basin in the Xinjiang Uighur Autonomous Region of China. As is the case with Tibet, there is an international activist movement that calls for the independence of this region and an end to alleged human rights violations against Uighurs in China.

An advanced persistent threat (APT) campaign targeting Uighur activists was detected on June 27, Costin Raiu, director of Kaspersky's global research and analysis team, said in a blog post on Friday.

The campaign consisted of rogue emails written in Uighur and accompanied by a ZIP file attachment. The ZIP archive contained a new version of a Mac OS X backdoor called Macontrol that supports both i386 and PowerPC Macs, Raiu said.

Once installed on a Mac computer, the backdoor connects to a command and control server located in China and allows attackers to list and transfer files, as well as execute other commands on the infected machine.

Once installed on a Mac computer, the backdoor connects to a command and control server located in China and allows attackers to list and transfer files, as well as execute other commands on the infected machine.

A different version of the same Mac backdoor was used earlier this year in attacks against Tibetan activists, Jaime Blasco a security researcher with security firm AlienVault said in a blog post on Friday.

Other Uighur-themed malicious emails seen recently distributed a Windows remote access trojan (RAT) program that calls back to the same command and control server in China as the Mac backdoor, Blasco said. This Windows RAT was also previously used in attacks against Tibetan activists.

The increasing popularity of Mac computers and their adoption by high profile targets will cause the number of APT attacks targeting the Mac OS X platform to grow, Raiu said. "Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."

Source: IDG News Service

LATEST NEWS

  • AMD may Build ExactTrak Data-zapping into its Chips, to Compete with Intel vPro

    AMD said Thursday that it signed a deal with ExactTrak to embed the security company's technology inside its microprocessors. While no new products accompanied the announcement, the deal leaves open the possibility that AMD-based PCs could be remotely zapped--yes, literally--by users or network administrators.

  • Intel to Close $15 bn (about Rs 90,000 crore) Deal to buy Altera

    California based global tech giant, Intel, is set to close a deal to buy fellow chip maker Altera Corp. for about $54 (about Rs 3,480) per share, 15 percent more than Altera’s closing share price on Thursday, $47 (about Rs 2,620).

  • Server Sales Bolstered by Cloud Expansions

    Server vendors recorded the strongest shipment growth in over four years for the first quarter, mainly driven by continued investments in the hyperscale server infrastructures that power public and private clouds.

  • Salesforce Doubles Down on Big Data with New Analytics Tool

    All the data "lakes" in the world won't amount to much if you can't figure out what they mean for your business. With that in mind, Salesforce on Thursday unveiled Salesforce Wave for Big Data, a new tool designed to help business users make sense of their information stores using the Salesforce Analytics Cloud.

More news »