New version of the OSX.Dok malware discovered

The report of a sophisticated Mac Trojan called OSX.Dok is followed by the discovery of a further variant of the OSX.Dok dropper. The original OSX.Dok was reported last week by Check Point; it spread through email attachments and could eavesdrop on secure HTTPS connections on infected systems. A security researcher from Malwarebytes now reports a variant of the carrier program that behaves quite differently and installs entirely different malware.


This dropper, too, is packaged in an archive as an application called Dokument.app and tries to disguise itself as a document. It is signed with the same certificate as before, which Apple has since revoked. Like the previous version, it copies itself to /Users/Shared/AppStore.app and shows the same warning claiming that the application is damaged.

The new version, however, never shows the fake full-screen window of supposedly available OS X updates. Instead, it waits about a minute and then deletes itself. Rather than OSX.Dok, it installs an open-source backdoor named Bella.
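As an added example, not part of the original report, the dropper behaviour described above reduced to a detection rule over a file-event timeline: a copy appearing at /Users/Shared/AppStore.app followed shortly afterwards by the deletion of a dropper artefact. The event schema, the sample timeline and the 180-second window are assumptions; only the bundle name, the staging path and the "about a minute" delay come from the report.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Indicators taken from the report above.
DROPPER_BUNDLE = "Dokument.app"
STAGED_COPY = "/Users/Shared/AppStore.app"
# The dropper reportedly waits "about a minute" before deleting itself;
# the window is padded to tolerate timestamp jitter (assumed value).
SELF_DELETE_WINDOW = timedelta(seconds=180)


@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    action: str   # "create" or "delete"; constructed schema, not a real EDR format
    path: str


def _is_dropper_artifact(path: str) -> bool:
    """True for the original Dokument.app bundle or the staged AppStore.app copy."""
    p = path.rstrip("/")
    return p == STAGED_COPY or p.endswith("/" + DROPPER_BUNDLE)


def find_dok_chains(events):
    """Return (staged, deleted) pairs where a copy appears at STAGED_COPY and a dropper
    artefact is deleted within SELF_DELETE_WINDOW afterwards, i.e. the reported
    sequence: copy to /Users/Shared, wait about a minute, delete itself."""
    ordered = sorted(events, key=lambda e: e.ts)
    hits = []
    for staged in (e for e in ordered if e.action == "create" and e.path == STAGED_COPY):
        for later in ordered:
            if (later.action == "delete" and _is_dropper_artifact(later.path)
                    and staged.ts < later.ts <= staged.ts + SELF_DELETE_WINDOW):
                hits.append((staged, later))
    return hits


# Constructed sample timeline (not real telemetry): a benign app install, then the
# reported dropper sequence, then an unrelated deletion well outside the window.
T0 = datetime(2017, 5, 8, 10, 0, 0)
SAMPLE_EVENTS = [
    FileEvent(T0, "create", "/Applications/Editor.app"),
    FileEvent(T0 + timedelta(seconds=5), "create", "/Users/alice/Downloads/Dokument.app"),
    FileEvent(T0 + timedelta(seconds=7), "create", STAGED_COPY),
    FileEvent(T0 + timedelta(seconds=70), "delete", "/Users/alice/Downloads/Dokument.app"),
    FileEvent(T0 + timedelta(hours=2), "delete", "/Applications/Editor.app"),
]
```

Running `find_dok_chains(SAMPLE_EVENTS)` returns the single staged/deleted pair from the constructed timeline; the benign install and its later removal do not match.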

Bella was created by an author who calls himself only "Noah" on GitHub. There he has published Python scripts that can, for example, grab iCloud login credentials or credit card information from Chrome. Bella, published in February of this year, is a Python script with far-reaching capabilities. These include password phishing, recording microphone audio and webcam images, taking screenshots and exfiltrating the keychain and iMessage logs. Up to macOS 10.12.1 it can even obtain root privileges through vulnerabilities in the operating system.

A script called Builder allows Bella to be customised. The version found here was configured to connect to a particular command-and-control server whose IP address points to Moscow. It is unclear whether the author of Bella has anything to do with the attackers. Since the software is freely available as open source, his scripts could easily be used by hackers for their own purposes.

Malwarebytes calls this malware OSX.Bella. It is reassuring that, since the withdrawal of the code-signing certificate, it can no longer cause new infections. Anyone who was infected before should change all passwords after removing the malware. The security researchers point out to business users that this malware is capable of accessing corporate data on a large scale.
