Another Trojan designed specifically for Mac OS X has been spotted in the wild. Like the Flashback Trojan, it exploits Java vulnerabilities, and like Flashback it requires no user interaction to infect an Apple Macintosh computer. Sophos is calling the new Trojan “SX/Sabpab-A”, while Kaspersky is referring to it as “Backdoor.OSX.SabPub.a”.
After the Mac is infected, this Trojan behaves like most: it connects to a remote website over HTTP in typical command and control (C&C) fashion to fetch instructions from remote hackers. It can also take screenshots of the user’s session, upload and download files, and execute commands remotely on the infected machine. Encrypted logs are also sent back to the control server, so the hackers can monitor activity.
You can check for infection by looking for the following files:
If you’ve downloaded and installed the latest software update from Apple that patches the Java vulnerabilities, or have disabled Java, you’re safe.
Most experts agree that this is most likely just the beginning and that Mac users can expect more attacks directed at OS X.
For almost 20 years, Chris Staples, the founder of Advanced Network Consulting, has been servicing Southern California small and medium-sized businesses with their technology and networking needs. Specializing in start-up companies, Advanced Network Consulting designs, purchases, and implements networks and servers. Clients range from auto mechanics and trucking companies to attorney offices and non-profits, many with multiple offices. Chris has seen the evolution of technology and has the hands-on experience and knowledge to customize and maximize your business’s technology needs. Chris has also worked with other IT professionals in large companies to implement office build-outs, aid in office relocations, network projects, and web development.