Slashdot Mirror


New Version of the MaControl Trojan Spotted In the Wild

EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks is generally the most effective; it won't be surprising to see a spike in such attacks soon."

6 of 77 comments

  1. Won't be surprising to see a spike? by znu · Score: 5, Insightful

    Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

    --
    This space unintentionally left unblank.
    1. Re:Won't be surprising to see a spike? by Em Adespoton · Score: 4, Interesting

      Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

      The difference is in WHAT the threats are -- last year brought us FakeAV for Macs, which showed that the criminal element was now looking at the platform as profitable. Then, later in the year, we got Flashback, which has been continually updated through April to provide botnet access and a data leak conduit on OS X.

      But the real news hasn't been with these pieces of fake software, it's been with Trojanized backdoor and keylog software... which has been climbing at a steady rate, both in variants and in detected installs. We're seeing a dramatic increase in data exfiltration on Macs. It's not really a case of "now the floodgates are going to open!" but more a case of "the gates opened last year, and we're going to keep seeing the consequences."

      Apple has taken note however, and has implemented a number of security changes -- not just Gatekeeper, but little significant things such as not letting Mach-O binaries run unless they're in a proper executable bundle with proper file permissions and an Info.plist.

      So for the first time, we're seeing a malware arms race on OS X, which truly has never happened before.

      While not dramatic, these are a few particular reasons to believe that we're on the cusp of a non-linear increase -- because it's now profitable to scam OS X users via their OS, and more and more criminal groups are realizing they can take some of the unsuspecting pie.

  2. Re:Think Different by Anonymous Coward · Score: 4, Insightful

    Until recently, mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resilient to such attacks.

    compared to windows it is. if only due to no internet exploder. course basic literacy is on the decline these days so maybe i need to reluctantly point out for the knee-jerk idiot crowd that "more resilient" does not mean "absolutely 100% invulnerable".

    but the average mac user will likely be more sensible. I hope.

    the average mac user paid more money for a mac because they thought windows was too hard. your hope is misplaced.

    to make the point consider the opposite scenario. there are proof-of-concept viruses for linux. do you know why there are no linux viruses spreading in the wild? because the average linux user actually has a clue, something you cannot claim for the average windows or mac user.

    linux users tend to understand that "2 hour paris hilton sex video!" should not be a 238kb executable. they understand that the guy sending them e-mail is not really a nigerian prince. they understand that their bank should already have their account number. they understand that their browser performing an HTTP GET of a .jpg does not mean that site can tell if their computer "has a virus".

    you can have the greatest system in the world. if you put it in the hands of an idiot it will still get compromised.

  3. Re:Obviously bogus by __aaltlg1547 · Score: 4, Informative

    MaControl isn't a virus. It's a Trojan and Macs are just as vulnerable as Windows PCs or Linux PCs for that matter because users can bypass any OS security.

  4. Re:Obviously bogus by DJRumpy · Score: 4, Informative

    Well considering this can't self-replicate, and you must be duped into opening the zip, then launching the attachment, your statement is true in the scope of this malware. It's a trojan, not a virus.

    This is about as nefarious as me sending a batch file to you saying 'run this safe file'.

    It is pure social engineering, and has nothing to do with the OS security, other than it targets a Mac. Rather poor social engineering at that, as the message itself appears to be gibberish, with an attachment. The least they could have done is put something that even remotely interested the user into opening the attachment, rather than a random string of alpha characters.

  5. Re:Why Macs? by ad454 · Score: 4, Funny

    Don't forget about GAY PORN. Gigabytes and gigabytes of the gayest, hairiest, sweatiest, large-cocked ass-pounding with spurts of semen flying everywhere. Black men, white men, ladyboys, furries...yes. Porn SO GAY and lots and lots of it. Like a big pride parade with lots and lots of real gay sex. Freddie Mercury and Rock Hudson would be proud, ahh, the progress of society.
    Gay, gay, gay.

    Wow Anonymous Coward, you describe the GAY PORN experience with such vivid and enthusiastic detail, that you must have extensive first hand experience.

    Thank you for being so brave to come out of the closet and share your experience. I just hope that your boyfriend is okay with all of your PORN viewing.