Slashdot Mirror


Russian Cyberspies Blamed For US Election Hacks Are Now Targeting Macs (computerworld.com)

You may recall "APT28", the Russian hacking group which was tied to last year's interference in the presidential election. It has long been known for its advanced range of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. From a report on ComputerWorld: The group -- known in the security industry under different names including Fancy Bear, Pawn Storm, and APT28 -- has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It's not entirely clear how the malware is being distributed because the Bitdefender researchers obtained only the malware sample, not the full attack chain. However, it's possible a macOS malware downloader dubbed Komplex, found in September, might be involved. Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software, according to researchers from Palo Alto Networks who investigated the malware at the time. The vulnerability allowed attackers to execute remote commands on a Mac when users visited specially crafted web pages. Further reading on ArsTechnica.

41 of 251 comments

  1. What? by Anonymous Coward · · Score: 4, Interesting

    WTF. Is someone from a Russian IP address emailing mac owners saying they are from Apple and asking for their passwords?

    1. Re:What? by Anonymous Coward · · Score: 2, Insightful

      WTF. Is someone from a Russian IP address emailing mac owners saying they are from Apple and asking for their passwords?

It has yet to be proven the Russians had any effect on the outcome of the US Presidential Election 2016. Hillary was the worst candidate the Democrats could have fronted. I would have liked President Trump to have kept NSA Flynn and then, working with the Russian Government, plan and deliver a bunker-busting bomb on the parliament buildings of North Korea in response to their repeated missile launches. Sadly Trump is succumbing to Washington, DC's, "business as usual." Sad.

    2. Re:What? by goose-incarnated · · Score: 4, Insightful

      "Those election-hacking Russians" is the new "those commie bastards".

      You'll have to excuse me for not falling for this now, the way I didn't fall for it 30 years ago.

      --
      I'm a minority race. Save your vitriol for white people.
    3. Re:What? by Curunir_wolf · · Score: 2

      Melania is from Slovenia, you moron.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    4. Re:What? by Curunir_wolf · · Score: 2

      Melania is from Slovenia, you moron.

      Slovenia was communist, and it was part of Yugoslavia when Melania was peddling her ass over there. While Yugoslavia was technically an "independent" state, it was really just a satellite of the USSR.

      You could have done without the disgustingly derogatory remark about Melania's ass. Way to keep it classy. Also, USSR is NOT Russia, Yugoslavians are NOT Russians. They were VICTIMS of the failed socialist empire, and escaped as soon as they could. Claiming someone from Slovenia is Russian is like claiming everyone in Tibet is Chinese.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
  2. The irony of the vulnerability... by geekmux · · Score: 4, Interesting

"...Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software..."

    Oh, the irony of an antivirus program running on a BSD-based OS being the vulnerability.

    Yes, Mr. Anti-Vendor, please sell me another wonderful solution you think I need...

    1. Re:The irony of the vulnerability... by DontBeAMoran · · Score: 4, Interesting

      MacKeeper already had a bad reputation, this only reinforces it.

      --
      #DeleteFacebook
    2. Re:The irony of the vulnerability... by omnichad · · Score: 3, Informative

      Bad reputation? That's an understatement. It's an outright scam. If I see it on a system, that gets removed immediately - no questions asked. Even if it was a paid-for version.

    3. Re:The irony of the vulnerability... by TheRaven64 · · Score: 2

      The same thing happens on Windows. For example, last year there was an arbitrary code execution vulnerability in the code that Norton Antivirus uses to scan images. For some idiotic reason, they were running this code with kernel privilege. It ran whenever an image file was written to disk, so it could be exploited by simply receiving an email attachment in a spam, which your antivirus would then scan and run the exploit, even if you never opened the file.

      --
      I am TheRaven on Soylent News
    4. Re:The irony of the vulnerability... by ColdWetDog · · Score: 2

      Windows Defender works well on Macs - it just sits there. Doesn't waste cycles. Doesn't add to vulnerabilities. No visual clutter. No annoying messages.

      What's not to like?

      --
      Faster! Faster! Faster would be better!
    5. Re:The irony of the vulnerability... by Osiris+Ani · · Score: 2

      FreeBSD runs on a Mach microkernel?

      Darwin in OSX is derived from 4.4BSD.

  3. Let's be clear on what we mean by election hacking by halivar · · Score: 5, Insightful

    They sent John Podesta a bogus email, and he clicked the link. Because of that, we now know the entire DNC plotted against Bernie. The only actual "election hacking" that took place is how the democratic party apparatus chose and coronated the only possible person who could lose to Donald Trump (of all people).

    But blame Russia.

  4. Stop repeating the meme by Anonymous Coward · · Score: 4, Informative

    The "election" was never hacked. A political party was, and its dirty laundry was aired.

    1. Re:Stop repeating the meme by Anonymous Coward · · Score: 3, Interesting

      And districts that let illegals vote favored Clinton. Fancy that.

      Massive vote fraud, some of it proven, ie caught on tape by Project Veritas. The so-called "hacking" is fake news. The real news is the bussing, multi-voting, and illegal votes. I think you know it.

    2. Re:Stop repeating the meme by cbraescu1 · · Score: 2

      You think a non-networked device can't be hacked? Happens periodically with ATMs

      By definition an ATM machine is networked. How else could it be connected to the bank?

      --
      Catalin Braescu
      Ofaly.com
    3. Re:Stop repeating the meme by AmiMoJo · · Score: 2

      It's accurate to say that the election was interfered with by hacking. Releasing DNC dirty laundry, while not doing the same to the Republicans, undoubtedly had an effect on the outcome of the vote. Don't even bother trying to claim that the Republicans don't have any dirty laundry.

The release of more HRC emails too close to the vote, and the ridiculous decision of the FBI to start an investigation right then, certainly had an effect too. The fact that HRC was vindicated didn't undo the damage. The intent was clearly to damage her chances.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re: Stop repeating the meme by FunkSoulBrother · · Score: 2

      Good. Seems like a morally justifiable thing to do when you're in a state where ~466,000 people == 1 electoral vote and there is a state next door where ~257,000 people == 1 electoral vote.

Until that is resolved, these are basically sham elections.

    5. Re:Stop repeating the meme by Rockoon · · Score: 3, Interesting

      The real real news:

      The Democrats now only control...

      ... 24% of State legislature seats.
      ... 32% of Governor seats.
      ... 44% of House seats.
      ... 46% of Senate seats.

      The Democrats have less than 1 out of 4 State legislatures now, and less than 1 out of 3 Governorships.

      The Democrats got wiped out nation-wide at every level.

That's the real news. You're welcome.

      --
      "His name was James Damore."
    6. Re:Stop repeating the meme by mjr167 · · Score: 2

      But at no point does anyone renounce the content of the emails...

      Everyone seems to want to blame the people that leaked the emails, not the people that wrote them.

    7. Re: Stop repeating the meme by FunkSoulBrother · · Score: 2

      I don't believe there has been an election where Democrats have won based off of these unbalanced electoral votes while losing the popular vote? Unless you want to count John Quincy Adams in 1824? Certainly nothing in my lifetime or the modern post Civil Rights Act Democratic party.

      But yes, I'll cry foul exactly the same way if a Democrat manages to get elected based on electoral votes, and can't sew up a popular vote victory.

  5. I was going to vote Clinton... by Anonymous Coward · · Score: 3, Funny

    ...but because of the Russian hackers I ended up voting Trump. I've no doubt that many other people were influenced in the same way, and I'm certain Clinton would have won if it weren't for the Russian hackers.

    I'm also convinced the Russian hackers caused BREXIT and are secretly supporting the Dutch Party of Freedom, the 5 Star movement and other European populist parties.

    Okay, just to be clear, I'm writing this ironically. What's truly hilarious is that the mainstream media writes this stuff seriously. They've really gone off the deep end and into the territory of lunatic conspiracy theorists. I look forward to CNN reporting that Russians are using mind rays to control how people vote.

  6. Mackeeper is utter shit by Camembert · · Score: 5, Insightful

    So now MacKeeper is an antivirus software? Rather it is the company with the most annoying popups anywhere for Mac users. Useless software that is aggressively marketed.

  7. Re:Let's be clear on what we mean by election hack by jcr · · Score: 4, Interesting

    the democrat apparatus also stuffed the ballot box for Trump during the primaries

    Got a source for that? I know that Trump entered the race as a favor to Hillary to sow discord in the Republican ranks, but I haven't seen any evidence that the apparat did anything more for him than give him round-the-clock news coverage that starved out his rivals.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  8. Re:Let's be clear on what we mean by election hack by jcr · · Score: 5, Interesting

    there is ZERO proof the DNC "rigged" anything.

    Oh, get serious. The whole "superdelegate" apparatus exists only to thwart the will of the voters.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  9. Re:Let's be clear on what we mean by election hack by Anonymous Coward · · Score: 3, Insightful

    Trump *did not* enter the race as a favour to Hillary.

    And the parent is correct about the DNC promoting the shittiest RNC candidates (like Trump) in order to set the GOP up to fail. Google "pied piper candidate".

  10. Putin making big trouble for moose and squirrel! by Orangedog_on_crack · · Score: 4, Funny

    Demonizing Russia is sooooo 20th century. But I guess political party insiders conspiring with big legacy media outlets to cheat a popular candidate and his supporters in favor of a corrupt old hag who was convinced that it was "her turn(!)", well let's hope the rubes buy that Boris and Natasha "interfered" with the DNC's interference. Because Russia

  11. MacKeeper? by goombah99 · · Score: 2

    Wait, that's a legit company? I assumed it was a virus. It always pops up anytime I visit any sketchy site with the most obnoxious ads.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  12. Something that has to happen: by John+Allsup · · Score: 2

    On Linux, something I find very annoying with apt-get is that everything goes into a single /usr hierarchy, rather than having multiple ones and overlaying. Right now, it is a hack at best to do stuff like this. But serious thought, on all OSs, needs to be given to the following:

    The point is to make the core of the OS read-only at runtime, preferably read-only at a hardware level (that is, install the OS on a small SSD which even the kernel cannot write to during normal running, and which delegates what configuration settings can be overridden from the writable portion of the files).

    Essentially the 'principle of least privilege' is something that OS designers need to give far more serious thought to, and also what privileges are actually needed during normal runtime. Updating the core OS should be done from a 'secondary OS' whose only purpose is updating the core OS, and is restricted in its nature so as to only be able to do this. (The ideal place for this is in PC firmware, where one should use the firmware to install the base OS, and once booted, the base OS is effectively immutable.)

    (Yes, this is basically a coarse capability-based security system, partially enforced in hardware, in a way which leaves users in control.)

    --
    John_Chalisque
    1. Re:Something that has to happen: by ctilsie242 · · Score: 2

      The later revs of macOS try to do this with SIP (system integrity protection). Does it work? I've not read anything showing that it has been compromised, but it is a software solution like SELinux, so there is probably a way to bypass it.

      What I would like to see is taking that a step further and having all operating systems run on thin hypervisors (think Hyper-V, ESXi, KVM, or whatnot.) That way, a web browser can be in its own separate VM with a separate filesystem, banking data can be in another VM, and general documents in yet a third, with a decent UI allowing for seamless operation, but yet preserving separation (like having a warning dialog if cutting/pasting between VMs.)

      I wish Apple would add TPM support to the SMC. That way, there wouldn't be this preboot phase with FileVault as there is now, unless TPM cannot unseal the key, and the machine would remain secure. Add a pre-boot PIN or USB flash drive (similar to BitLocker), and it would provide solid security.

  13. Re:Let's be clear on what we mean by election hack by Anonymous Coward · · Score: 5, Informative

    Clinton got debate questions in 2 debates, from CNN.
    Clinton did fund raisers with down-ticket people. There is a cap (a couple thousand) that someone can donate to a candidate. The DNC set her up with numerous other Congress runners so the cap was number of people * cap, then Clinton took 98% of what was donated in that event. A rule the DNC recently wrote into the law obviously intending to do this. The DNC refused to help Sanders in the same way.
    The DNC would give stories to "favorable journalists" to smear Sanders a week before primaries in states.
    They ALSO had the superdelegates if needed.

    You should be SHOCKED that the press worked so closely with Clinton to torpedo Sanders (unreported donations and illegal for media to do so). You should ALSO be shocked the DNC rewrote campaign finance laws to abuse them the way they did, I doubt you could find anyone who says that is fair.

  14. Russian hacking by unixisc · · Score: 2

It has yet to be proven the Russians had any effect on the outcome of the US Presidential Election 2016. Hillary was the worst candidate the Democrats could have fronted. I would have liked President Trump to have kept NSA Flynn and then, working with the Russian Government, plan and deliver a bunker-busting bomb on the parliament buildings of North Korea in response to their repeated missile launches. Sadly Trump is succumbing to Washington, DC's, "business as usual." Sad.

    Also, the issue at hand during and after the election was not that Russians were hacking the votes, but that Julian Assange was getting his leaks from the Russians, and putting it out daily at their behest. It was never the argument that they were actually breaking into voting machines to alter anything: in fact, when Trump was the one alleging that the elections were rigged, it was President Obama who pointed out that each state had their own voting systems, including states run overwhelmingly by Republicans, and that most of the voting machines were not on the internet. Ironically, that was an argument Republicans could turn around against Jill Stein in the battleground states once Trump won.

    But the most bizarre thing over the last week has been Russian aggressiveness in three separate cases: having a spy ship off the DE coast, buzzing a US destroyer in the Black Sea, and the new revelation that they have been developing a cruise missile capable of carrying nuke warheads in violation of the arms control treaty. Shouldn't they be acting like the US was Belarus or Tajikistan instead, if the Dems were correct in portraying Trump as a vassal of Putin?

    At any rate, this story reasserts the previously discredited claim that the Russians were hacking voting machines, which runs counter to the argument that they were manipulating Assange.

    1. Re:Russian hacking by dbarclay10 · · Score: 2

      Shouldn't the Russians be acting like the US was Belarus or Tajikistan instead, if the Dems were correct in portraying Trump as a vassal of Putin?

      At least the sources I use aren't claiming that Trump is a vassal of Putin - they're claiming that Trump is Putin's pawn.

It's been apparent for years that Russia has been trying to pick a real fight with the US or the EU, the usual reason given being that Putin needs to distract a restless Russian population from local issues, particularly corruption. Putin getting Trump elected is seemingly a big win if all these things are true - Trump certainly seems far more likely to get into a war with Russia than ... pretty much any other 2016 presidential candidate.

      To sum: Trump is Putin's pawn, not a vassal. Putin is now manipulating his pawn into starting an armed conflict (or at least another cold war) with Russia.

      --

      Barclay family motto:
      Aut agere aut mori.
      (Either action or death.)
  15. Re:Let's be clear on what we mean by election hack by Mashiki · · Score: 4, Interesting

    Russians flooding the internet with fake news in order to delegitimize every single news organization is not hacking?

    The Russians don't have to. The MSM is doing just a fine job all on their own, that's the reason under 15% of Americans trust them.

    --
    Om, nomnomnom...
  16. Re:Let's be clear on what we mean by election hack by unixisc · · Score: 2

    the democrat apparatus also stuffed the ballot box for Trump during the primaries

    Got a source for that? I know that Trump entered the race as a favor to Hillary to sow discord in the Republican ranks, but I haven't seen any evidence that the apparat did anything more for him than give him round-the-clock news coverage that starved out his rivals.

    -jcr

    That's a really amazing conspiracy theory, given that he was so successful that he defeated her majesty, and ended up in uniting all Republicans behind him after the elections. As Jonah Goldberg pointed out, the 'Never Trump' movement is dead (at least on the GOP side), and all Republicans are happily working w/ him. As for the GP's claim that he's a democrat, he may have been once upon a time, but that's ancient history. None of the Trump derangement Dems anywhere in the country are even remotely respecting him - going so far as to boycotting a school in New York's East side just b'cos Don Jr's kid is rumored to be entering kindergarten there. While his border tax, infrastructure plan and repeal of TPP may be things that classical Dems would embrace, he has been more than happy to endorse much of the rest of the GOP platform. Only major difference b/w him and the GOP has been on Russia, and that could end soon now that Russia is doing things that can only be interpreted by him as being in bad faith.

  17. Why does Russia... by fyngyrz · · Score: 2

    If he is such a puppet of Putin, then why are the Russians running a spy ship off the DE coast, buzzing a US destroyer in the Black Sea, and testing a cruise missile capable of carrying nuke warheads in violation of the arms control treaty.

    Here's a possibility: So people like you will think that Russia isn't connected to Trump's election.

    It's called "maskirovka."

    (I'd have written "maskirovka" correctly, but, Slashdot's code is still stuck in the 1980's and can't display very much beyond ASCII. And the new owners either don't understand the slashcode and can't fix it [probably... it's perl, after all], or they're too busy doing... I don't know, something. It's not editing, that I can tell you.)

    --
    I've fallen off your lawn, and I can't get up.
  18. The reckless assigning of blame by mi · · Score: 3, Insightful

    This reckless blaming of Russian hackers only serves to recruit more Russian hackers.

    --
    In Soviet Washington the swamp drains you.
  19. Re:Let's be clear on what we mean by election hack by Curunir_wolf · · Score: 2

    There is lots of blame to go around. Or are you seriously trying to claim that Russia had nothing to do with this election?

    That's right, Russia had nothing to do with the election. Russia is the enemy of the US multinational corporations, that want control of the European energy market. Providing asylum to Snowden angered the entire military industrial complex and the intelligence community that had been fighting proxy wars with Russia for years. Most of the hot fights in the middle east are really about control of territory for pipelines. Russia wants that European market, and the US has been fighting to prevent them from getting control of it. Hillary's nod to supporting that battle came all throughout the campaign. There are elements in the US government itching for all-out war with Russia.

Most of those elements are still there, and they are working to undermine the Trump administration any way they can, just to get the Russia hate ramped back up. I think Trump believes there is a way to SHARE the European energy market. Not sure how that's going to work, because you give up a lot of profit if you can't have monopoly control over the supplies. We will see. But I, for one, am sick of the Neo-McCarthyism, and prefer to stay out of another cold war, or war at all, with Russia, if it can be avoided.

    --
    "Somebody has to do something. It's just incredibly pathetic it has to be us."
    --- Jerry Garcia
  20. Re:Let's be clear on what we mean by election hack by goose-incarnated · · Score: 2

    I guess the Russians flooding the internet with fake news in order to delegitimize every single news organization is not hacking? I'm not convinced there was voting machine hacking, but the Russians definitely engaged in social hacking in a concerted effort to boost Trump.

    Lemme guess, you hate Woodward and Bernstein too right? They influenced presidential politics the same way you think those 'commie bastards' influenced the election.

    --
    I'm a minority race. Save your vitriol for white people.
  21. Was It Goebbels or Alinsky... by RobotRunAmok · · Score: 2

    ...who said, "Repeat a lie enough times and people will start to believe it"...?

    1. Re:Was It Goebbels or Alinsky... by powerlord · · Score: 2, Funny

      I thought it was Trump ...

      I could be wrong but that's what people are saying.

      --
This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.
  22. Re:Let's be clear on what we mean by election hack by ScentCone · · Score: 2

    You're right. The RNC establishment's non-stop catering to Trump's every need during the election was such a spectacle. Oh, right ... that didn't happen. The party and the media were utterly hostile to him, as opposed to, say, slipping him debate questions in advance, courtesy of the woman who is STILL running the DNC machinery.

    --
    Don't disappoint your bird dog. Go to the range.