New Malware Targeting The Second Most Widely Used Desktop OS "Mac OS X"
Security researchers from Palo Alto Networks, SentinelOne, and Synack have spent the past few weeks analyzing a new malware sample that targets Mac OS X.
Hacking Team, a controversial Italian company, sells surveillance software (a polite term for malware) to governments around the world.
Claud Xiao, a security researcher at Palo Alto Networks, discovered a series of malware samples that struck him as highly suspicious. Once the binaries had been shared with the infosec community, they ended up in the hands of several OS X security specialists. According to both researchers (SentinelOne's Pedro Vilaca and Synack's), the malicious binaries in the new malware closely resemble the malware that was exposed by the Hacking Team data breach last summer. Neither is yet certain that Hacking Team is behind it, but they expect to find out soon.
According to the researchers, the malicious binaries contained in the malware are only droppers, nothing complex. A dropper is a class of malware with a limited set of functions: it infects the computer, communicates with a command-and-control (C&C) server, and downloads a specific malware variant chosen on the basis of details about the infected system. While analyzing the malware, the researchers also found that, at that time, none of the antivirus engines in Google's VirusTotal service were flagging it as malicious.
Because this sample is a dropper, what it installs on the computer is Hacking Team's Remote Control System (RCS). The dropper's code is also the same as the code Hacking Team was using before its network was breached last year.
When Hacking Team's network was breached in July 2015, almost 400 GB of confidential information was leaked, including emails, details of the firm's relationships with governments, and much other sensitive information.
This time the target is Mac OS X, the second most widely used desktop OS after Windows.
How to check whether you are affected or not?
To check whether you are infected, look for the files Bs-V7qIU.cYL or _9g4cBUb.psr, which are dropped into the ~/Library/Preferences/8pHbqThW/ directory.
If you find either of these files, delete that entire directory and also remove the ~/Library/LaunchAgents/com.apple.FinderExtAvt.plist file.
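The check and cleanup above as a POSIX shell script, added here as an example rather than taken from the article or the researchers: the file and directory paths are the ones the article gives, while the function names and the --scan/--clean flags are this example's own.

```shell
#!/bin/sh
# Added example, not from the article: scan a macOS home directory for the
# indicators the article lists and optionally remove them. The paths are the
# article's; function names and the --scan/--clean flags are this example's.

DROPPER_DIR="Library/Preferences/8pHbqThW"
DROPPER_FILES="Bs-V7qIU.cYL _9g4cBUb.psr"
LAUNCH_AGENT="Library/LaunchAgents/com.apple.FinderExtAvt.plist"

# check_rcs_indicators <home_dir>
# Prints every indicator present under <home_dir>.
# Returns 0 when nothing is found, 1 when at least one indicator exists.
check_rcs_indicators() {
    home_dir="$1"
    found=0
    for f in $DROPPER_FILES; do
        if [ -e "$home_dir/$DROPPER_DIR/$f" ]; then
            echo "FOUND dropper file: $home_dir/$DROPPER_DIR/$f"
            found=1
        fi
    done
    # The LaunchAgent plist is the persistence mechanism; check it on its own,
    # since a partially cleaned machine may keep it after the dropper is gone.
    if [ -e "$home_dir/$LAUNCH_AGENT" ]; then
        echo "FOUND launch agent:  $home_dir/$LAUNCH_AGENT"
        found=1
    fi
    return $found
}

# remove_rcs_indicators <home_dir>
# Applies the article's cleanup: delete the whole dropper directory and the
# LaunchAgent plist. Refuses to run against a non-existent home directory so
# an empty argument can never turn into "rm -rf /Library/...".
# Returns 0 when both indicators are gone afterwards, 2 on a bad home_dir.
remove_rcs_indicators() {
    home_dir="$1"
    [ -n "$home_dir" ] && [ -d "$home_dir" ] || return 2
    rm -rf "$home_dir/$DROPPER_DIR"
    rm -f "$home_dir/$LAUNCH_AGENT"
    [ ! -e "$home_dir/$DROPPER_DIR" ] && [ ! -e "$home_dir/$LAUNCH_AGENT" ]
}

# Usage: sh check_rcs.sh --scan   (report only)
#        sh check_rcs.sh --clean  (report, then remove)
case "${1:-}" in
    --scan)  check_rcs_indicators "$HOME" && echo "No indicators found." ;;
    --clean) check_rcs_indicators "$HOME"; remove_rcs_indicators "$HOME" ;;
esac
```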