New Sabpab Mac Malware Found

Security researchers recently discovered new malware, identified by Kaspersky as Backdoor.OSX.SabPub.a, by Sophos as OSX/Sabpab-A, and by Symantec as OSX.Sabpab, which exploits the same Java vulnerability as the Flashback Trojan.

"It also doesn't require any user interaction to infect a system ... all that needs to happen is for you to visit an infected webpage," writes Macworld's Ben Camm-Jones.

"After infecting a given Mac, this Trojan is like most: it connects to a remote website using HTTP in typical command and control (C&C) fashion to fetch instructions from remote hackers telling it what to do," writes ZDNet's Emil Protalinski. "The backdoor contains functionality to take screenshots of the user’s current session, upload and download files, as well as execute commands remotely on the infected machine. Encrypted logs are sent back to the control server, so the hackers can monitor activity."

Kaspersky's Costin Raiu reports that the malware appears to have been created on March 16. "The timing of the discovery of this backdoor is interesting because in March, several reports pointed to Pro-Tibetan targeted attacks against Mac OS X users," he writes. "The malware does not appear to be similar to the one used in these attacks, though it is possible that it was part of the same or other similar campaigns."

"The Sabpab Trojan is not believed to be anything like as widespread as Flashback, but still underlines the importance of protecting Macs against malware with an up-to-date anti-virus program and security updates," writes Sophos' Graham Cluley. "It's time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer."