Russian Mac malware steals passwords and iPhone backups

But there's (probably) no need to panic.
Photo: Ste Smith/Cult of Mac

Still think your Mac is immune from viruses? Think again.

Just a week after a new strain of Mac malware was found hidden inside malicious Microsoft Word macros, security researchers have discovered sophisticated new software from Russian hackers that targets your saved passwords and iPhone backups.

The new Mac malware was created by APT28, a group blamed for interfering with last year’s U.S. presidential election by hacking the Democratic National Committee. It was already infamous prior to this for its long list of attacks on iOS, Android, Windows and Linux.

Now the group is targeting Macs with a new version of “Xagent,” a modular backdoor that can be customized to do different things. Security software company Bitdefender found that this particular strain is capable of stealing saved user passwords and highly sensitive iOS backups, among other things.

“The analysis reveals the presence of modules that can probe the system for hardware and software configurations, grab a list of running processes and run additional files, as well as get desktop screenshots and harvest browser passwords,” Bitdefender writes. “But the most important module, from an intelligence-gathering perspective, is the one that allows the operator(s) to exfiltrate iPhone backups stored on a compromised Mac.”

How APT28’s Xagent Mac malware works

Once the malware makes its way onto your system, it establishes communication with a server, then runs different modules that grab all kinds of information from your Mac.

“Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation,” writes Bitdefender. “For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel.”

The good news is that this is described as targeted-attack malware, which means you are unlikely to become a victim unless APT28 goes after your system specifically. It is unlikely you will find it lurking in the wild, and if you are an average Joe, you are probably not an APT28 target.

However, Bitdefender is still analyzing Xagent, so we’ll have to wait for further information.
