New Mac Malware Targets Uyghur Activists
The malware connects to a command and control server in China.
"The malware is being distributed in e-mails to certain Uyghur Mac users, and is contained within a ZIP file called 'matiriyal.zip,'" writes CNET News' Topher Kessler. "If this file is opened it will reveal an image file and a text file that is a disguised OS X application that if run will install the malware. Once installed, the malware will connect to a command-and-control server based in China, and allow a remote attacker to issue local commands and access files."
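A defensive check for the delivery method described above, as an added example that is not from the article or the reports it cites: it lists ZIP entries that sit inside an OS X application bundle or begin with a Mach-O header, whatever name or icon they present. The function names and the sample archive are constructed for illustration; the article does not say how the real file was disguised, so the check relies only on bundle structure and file magic.

```python
import io
import zipfile

# Mach-O magic numbers (32/64-bit, both byte orders) and the universal-binary
# magic. Note: cafebabe is also the Java class-file magic, so treat it as a hint.
MACHO_MAGICS = {
    bytes.fromhex("feedface"), bytes.fromhex("cefaedfe"),
    bytes.fromhex("feedfacf"), bytes.fromhex("cffaedfe"),
    bytes.fromhex("cafebabe"),
}

def find_executable_content(zip_bytes):
    """Return sorted (entry_name, reason) pairs for entries that can run code on OS X."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # An application is a directory ending in .app; Finder shows it as one icon.
            for part in info.filename.split("/"):
                if part.lower().endswith(".app"):
                    findings.add((info.filename, "inside app bundle " + part))
            if info.is_dir():
                continue
            # Read only the first four bytes; nothing is extracted to disk.
            with zf.open(info) as fh:
                if fh.read(4) in MACHO_MAGICS:
                    findings.add((info.filename, "Mach-O header"))
    return sorted(findings)

def build_sample():
    """Constructed archive: one image plus an app bundle named like a document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample/photo.jpg", b"\xff\xd8\xff\xe0 constructed image bytes")
        zf.writestr("sample/notes.app/Contents/Info.plist", b"<plist/>")
        zf.writestr("sample/notes.app/Contents/MacOS/notes",
                    bytes.fromhex("cffaedfe") + b"\x00" * 12)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_executable_content(build_sample()):
        print(name, "->", reason)
```

A mail gateway or analyst workstation can run this over attachments before anyone opens them; any finding in an archive that claims to hold only documents and images deserves a closer look.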
"The Uighurs have sought greater religious freedoms and autonomy, and have staged a number of uprisings against Chinese rule," notes SC Magazine's Dan Kaplan. "The U.S. State Department has called out the Chinese government for repressing and committing human rights abuses against the minority group."
"Similar to Kaspersky Lab's discovery, AlienVault Labs claims to have found another backdoor, this one affecting Windows users," writes Threatpost's Christopher Brook. "Transmitted through email, the attack also includes a zip file -- along with a Winrar file. The file extracts a binary that goes on to copy itself but not before dropping a DLL file on the system. After [it's] injected, the DLL file appears to help initiate Gh0st RAT, a well-known remote access tool. Gh0st RAT was served up by Amnesty International’s website just last month and has been used in other targeted attack campaigns in recent years."