Slashdot Mirror


New Version of the MaControl Trojan Spotted In the Wild

EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks is generally the most effective; it won't be surprising to see a spike in such attacks soon."

1 of 77 comments

  1. Re:Won't be surprising to see a spike? by Em Adespoton · Score: 4, Interesting

    Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

    The difference is in WHAT the threats are -- last year brought us FakeAV for Macs, which showed that the criminal element was now looking at the platform as profitable. Then, later in the year, we got Flashback, which has been continually updated through April to provide botnet access and a data leak conduit on OS X.

    But the real news hasn't been with these pieces of fake software, it's been with Trojanized backdoor and keylog software... which has been climbing at a steady rate, both in variants and in detected installs. We're seeing a dramatic increase in data exfiltration on Macs. It's not really a case of "now the floodgates are going to open!" but more a case of "the gates opened last year, and we're going to keep seeing the consequences."

    Apple has taken note, however, and has implemented a number of security changes -- not just Gatekeeper, but little significant things such as not letting Mach-O binaries run unless they're in a proper executable bundle with proper file permissions and an Info.plist.

    So for the first time, we're seeing a malware arms race on OS X, which truly has never happened before.

    While not dramatic, these are a few particular reasons to believe that we're on the cusp of a non-linear increase -- because it's now profitable to scam OS X users via their OS, and more and more criminal groups are realizing they can take some of the unsuspecting pie.