The Latest in IT Security

More Mac Malware Exploiting Java


Reports of new Mac malware variants exploiting CVE-2012-0507 surfaced last week. The Java vulnerability is the same one used by Flashback to infect more than 600 thousand Macs.

The first new threat was analyzed by the folks at Trend Micro. The Java applet for Mac actually exploits CVE-2012-0507, and if successful, the payload is the same malware that AlienVault Labs discovered last month (being used in targeted attacks against human rights NGOs).

The second threat appears, at first glance, to be a completely new piece of malware. However, subsequent samples that have been collected reveal that it is also being dropped by the same Word documents exploiting MS09-027/CVE-2009-0563 that were used to drop Backdoor:OSX/Olyx.C and Backdoor:OSX/MacKontrol.A, which AlienVault also reported last month.

Both pieces of malware appear to be active at the moment and are being controlled manually, as observed by ESET and Kaspersky respectively. Both use the same malicious Java class dropper component. MD5: 5a7bafcf8f0f5289d079a9ce25459b4b

F-Secure antivirus detects these threats as Backdoor:OSX/Olyx.B and Backdoor:OSX/Sabpab.A.

MD5: 78f9bc441727544ebdc8374da4a48d3f – Backdoor:OSX/Olyx.B (also known as Lamadai.A)
MD5: 40c8786a4887a763d8f3e5243724d1c9 – Backdoor:OSX/Sabpab.A (also known as Lamadai.B)
MD5: 3aacd24db6804515b992147924ed3811 – Backdoor:OSX/Sabpab.A

These malware variants are being used in targeted attacks against Tibetan-focused NGOs and are therefore very unlikely to be encountered “in-the-wild” by day-to-day Mac users. If you’re a Mac-using human rights lawyer, however, your odds of exposure are another matter entirely. If you haven’t already, now is the time to install antivirus on your Mac.
