The attackers are sending targeted emails, which include malicious Mac OS X backdoor malware, to a number of Uyghur activists who are presumed Mac users. The malware is contained in a ZIP file that displays a JPEG photo, Kaspersky Lab explained in a release.
Researchers have analyzed the Mac OS X backdoor malware and concluded that it is a new, undetected variant of the MaControl backdoor, which supports both i386 and PowerPC Macs. Kaspersky Lab’s system detected the malicious variant as “Backdoor.OSX.MaControl.b.”
When executed, the MaControl backdoor installs itself on the victim’s Mac and connects to its command and control server to get instructions. The backdoor allows its operator to list and transfer files and run commands on the infected Mac computer at will. During the analysis of the malware, Kaspersky Lab pinpointed the location of the command and control server in China.
Costin Raiu, director of global research and analysis at Kaspersky Lab, commented: “We believe that as the adoption increases for Mac OS X, so will both mass-infection attacks and targeted campaigns. Attackers will continue to refine and enhance their methods to mix exploits and social engineering techniques to try and infect victims. Just like PC malware, this combination is commonly the most effective and cybercriminals will continue to challenge Mac OS X users’ security, both technically and psychologically.”