New Version of the MaControl Trojan Spotted In the Wild

EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."

Won't be surprising to see a spike?

[znu]

Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of a new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

Re:Won't be surprising to see a spike?

[Em+Adespoton]

Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of a new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

The difference is in WHAT the threats are -- last year brought us FakeAV for Macs, which showed that the criminal element was now looking at the platform as profitable. Then, later in the year, we got Flashback, which has been continually updated through April to provide botnet access and a data leak conduit on OS X.

But the real news hasn't been with these pieces of fake software, it's been with Trojanized backdoor and keylog software... which has been climbing at a steady rate, both in variants and in detected installs. We're seeing a dramatic increase in data exfiltration on Macs. It's not really a case of "now the floodgates are going to open!" but more a case of "the gates opened last year, and we're going to keep seeing the consequences."

Apple has taken note however, and has implemented a number of security changes -- not just GateKeeper, but little significant things such as not letting MachO binaries run unless they're in a proper executable bundle with proper file permissions and an info.plist.

So for the first time, we're seeing a malware arms race on OS X, which truly has never happened before.

While not dramatic, this is a few particular reasons to believe that we're on the cusp of a non-linear increase -- because it's now profitable to scam OS X users via their OS, and more and more criminal groups are realizing they can take some of the unsuspecting pie.

Re:Won't be surprising to see a spike?

[jo_ham]

It's not about floodgates it's about prevention and it's about criminal activity / value. The damage will speak for itself when normal people have their cc drained because the data was pulled out of AppStore or something akin.;

I thought Apple were already doing that to our credit cards? Surely there will be nothing left for the malware authors.

Re:Won't be surprising to see a spike?

[interval1066]

Maybe if mac fan boys wouldn't have kept on with the "macs don't get virii" through the years it wouldn't get the press its getting now.

Re:Think Different

[oztiks]

Saying it has never convinced the Mac community though. All those years of MS bashing will eventually come full circle.

Computers store valuable information, linux, windows, bsd, osx, they are all computers they all have something of value to steal. I've always thought just as the computing industry has smartened up to malicious activity so have the criminals, biding their time with Apple I've always thought was a long term investment, wait until there was enough Mac users out there so that when you make a run on people's CC details you make it a good one.

Remember it took 10 years for MS to learn their lesson, talking about what would kill Apple, a 10 year long "I told you so" would do it. I guess that'll never happen because eventually (after they suck up their pride) they can ask MS or even Trend/Norton/McAfee for help, which they will because Apple is completely unprepared for the shit storm that is to follow.

Re:Think Different

Until recently, mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resiliant to such attacks.

compared to windows it is. if only due to no internet exploder. course basic literacy is on the decline these days so maybe i need to reluctantly point out for the knee-jerk idiot crowd that "more resiliant" does not mean "absolutely 100% invulnerable".

but the average mac user will likely be more sensible. I hope.

the average mac user paid more money for a mac because they thought windows was too hard. your hope is misplaced.

to make the point consider the opposite scenario. there are proof-of-concept viruses for linux. do you know why there are no linux viruses spreading in the wild? because the average linux user actually has a clue, something you cannot claim for the average windows or mac user.

linux users tend to understand that "2 hour paris hilton sex video!" should not be a 238kb executable. they understand that the guy sending them e-mail is not really a nigerian prince. they understand that their bank should already have their account number. they understand that their browser performing an HTTP GET of a .jpg does not mean that site can tell if their computer "has a virus".

you can have the greatest system in the world. if you put it in the hands of an idiot it will still get compromised.

Re:Obviously bogus

[__aaltlg1547]

MacControl isn't a virus. It's a Trojan and Macs are just as vulnerable as Windows PCs or Linux PCs for that matter because users can bypass any OS security.

Re:Obviously bogus

[DJRumpy]

Well considering this can't self-replciate, and you must be duped into opening the zip, then launching the attachment, your statement is true in the scope of this malware. It's a trojan, not a virus.

This is about as nefarious as me sending a batch file to you saying 'run this safe file'.

It is pure social engineering, and has nothing to do with the OS security, other than it targets a Mac. Rather poor social engineering at that, as the message itself appears to be gibberish, with an attachment. The least they could have done is put something that even remotely interested the user into opening the attachment, rather than a random string of alpha characters.

Re:Why Macs?

[ad454]

Don't forget about GAY PORN. Gigabytes and gigabytes of the gayest, hairiest, sweatiest, large-cocked ass-pounding with spurts of semen flying everywhere. Black men, white men, ladyboys, furries...yes. Porn SO GAY and lots and lots of it. Like a big pride parade with lots and lots of real gay sex. Freddie Mercury and Rock Hudson would be proud, ahh, the progress of society.
Gay, gay, gay.

Wow Anonymous Coward, you describe the GAY PORN experience with such vivid and enthusiastic detail, that you must have extensive first hand experience.

Thank you for being so brave to come out of the closet and share your experience. I just hope that your boyfriend is okay with all of your PORN viewing.

Re:Obviously bogus

[macs4all]

After all, everyone knows that Mac's can't get viruses.

After all, everyone knows that ACs can't use apostrophes correctly.

Re:Think Different

[macs4all]

Apple is completely unprepared for the shit storm that is to follow.

You're right, of course. Apple is completely unprepared.

And keep in mind that those features are already installed in an OS that has a spotless track record as far as self-replicating malware (worms and true viruses, rather than stupid-ass Trojans).

So yeah, Apple is just sitting there with their proverbial pants down, waiting for insertion...

Clueless moron.