
New Version of the MaControl Trojan Spotted In the Wild

Posted by timothy
from the little-beady-coyote-eyes dept.
EliSowash writes "A new version of the MaControl malware has been reported in the wild. More information on the malware, its behavior, and the attack campaign is available from Kaspersky Labs, who discovered this variant. As more malware authors become motivated to attack OS X it is likely that we will continue to see targeted attacks such as this in the future. Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."

  • by Anonymous Coward

    A wild MaControl appears!

  • Ah, the burdens of increasing marketshare: You're now statistically significant enough for the criminal element to take an interest. In every other part of IT, 'ease of use' is almost diametrically opposed to 'secure'. Until recently, mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resilient to such attacks.

    It will probably take more evidence to convince the hardcore (like th

    • by oztiks (921504)

      Saying it has never convinced the Mac community though. All those years of MS bashing will eventually come full circle.

      Computers store valuable information, linux, windows, bsd, osx, they are all computers they all have something of value to steal. I've always thought just as the computing industry has smartened up to malicious activity so have the criminals, biding their time with Apple I've always thought was a long term investment, wait until there was enough Mac users out there so that when you make a r

      • Re:Think Different (Score:4, Informative)

        by macs4all (973270) on Friday July 06, 2012 @01:01AM (#40560483)

        Apple is completely unprepared for the shit storm that is to follow.

        You're right, of course. Apple is completely unprepared [apple.com].

        And keep in mind that those features are already installed in an OS that has a spotless track record as far as self-replicating malware (worms and true viruses, rather than stupid-ass Trojans).

        So yeah, Apple is just sitting there with their proverbial pants down, waiting for insertion...

        Clueless moron.

        • by oztiks (921504)

          From your username I won't take offence at your personal attacks. I speaking ill about Apple is akin to calling your mother a whore.

          If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.

          Apple's containment process is unsavoury to one's computing freedom and precisely the problem with the security model. It's like the cave man vs the modern human, you give the cave man some raw meat and he eats it no troubles. Give it to the modern man and he dies because of sort of bacteria in the meat.

          Apple's germ free environment is why when the malware industry does hit. It

          • by macs4all (973270)

            From your username I won't take offence at your personal attacks. I speaking ill about Apple is akin to calling your mother a whore.

            ...And then you respond with a personal attack.

            Moron.

            If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.

            Apple's containment process is unsavoury to one's computing freedom and precisely the problem with the security model. It's like the cave man vs the modern human, you give the cave man some raw meat and he eats it no troubles. Give it to the modern man and he dies because of sort of bacteria in the meat.

            Apple's germ free environment is why when the malware industry does hit. It will hit them hard.

            So, let me get this straight: You said that "Apple is completely unprepared for the shitstorm that is to follow.". I countered with unequivocal proof that your statement was false. And now, since your statement has been refuted, you SWITCH your argument to a combination of an ad hominem attack (which was couched in a statement that you weren't going to respond to me calling you a clueless moron (which you are)), but more importantly, you now say that on

            • by oztiks (921504)

              Does MacOS boast ASLR? Do your research is DEP and get back to me :)

          • by mcgrew (92797) *

            Your analogy has quite a few flaws. You are in effect saying that the cave man (windows) has a better immune system (AV software). Macs and Windows are more like cats and dogs; they don't get the same diseases.

            As to your cave man eating raw meat, dying from eating raw meat is far more recent. Fifty years ago you could safely eat raw hamburger, chicken, or eggs with little risk of food poisoning and in fact many people enjoyed chicken and hamburgers cooked rare, but ranching methods have changed drastically.

    • Re:Think Different (Score:4, Insightful)

      by Anonymous Coward on Thursday July 05, 2012 @06:48PM (#40558205)

      Until recently, mac users refused to believe this piece of wisdom, pointing to the lack of viruses and malware, and (erroneously) concluding that it was because their OS of choice was somehow more resilient to such attacks.

      compared to windows it is. if only due to no internet exploder. course basic literacy is on the decline these days so maybe i need to reluctantly point out for the knee-jerk idiot crowd that "more resilient" does not mean "absolutely 100% invulnerable".

      but the average mac user will likely be more sensible. I hope.

      the average mac user paid more money for a mac because they thought windows was too hard. your hope is misplaced.

      to make the point consider the opposite scenario. there are proof-of-concept viruses for linux. do you know why there are no linux viruses spreading in the wild? because the average linux user actually has a clue, something you cannot claim for the average windows or mac user.

      linux users tend to understand that "2 hour paris hilton sex video!" should not be a 238kb executable. they understand that the guy sending them e-mail is not really a nigerian prince. they understand that their bank should already have their account number. they understand that their browser performing an HTTP GET of a .jpg does not mean that site can tell if their computer "has a virus".

      you can have the greatest system in the world. if you put it in the hands of an idiot it will still get compromised.

      • Re: (Score:2, Insightful)

        by macs4all (973270)

        the average mac user paid more money for a mac because they thought windows was too hard.

        No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.

        • by causality (777677)

          the average mac user paid more money for a mac because they thought windows was too hard.

          No. The average Mac user THESE days purchased a Mac because they were TIRED of Windows.

          I felt that way back in the mid 1990s. So I switched to Linux.

          I continue to be glad that I did. I started out with Red Hat and have also tried Debian, Slackware, and Suse. I eventually settled on Gentoo some years ago because I like to customize, which especially includes the security options available when you build from source (like SSP). I also enjoy having such a wide variety of software available in the package manager. Not to mention, the Gentoo forums are some of the very best I've seen anywh

      • Not only that, linux users cannot simply download an executable, they have to make it executable (or extract it from an archive keeping permissions). In addition to it, linux users don't have "download-n-run" mentality as most if not all the software comes from a repository.

        One can argue about the reasons why it is virtually impossible to get a trojan using linux, but it is sure nice that I don't have to clean my parent's PCs once in a while as it used to be with Windows.

        • by causality (777677)

          Not only that, linux users cannot simply download an executable, they have to make it executable (or extract it from an archive keeping permissions). In addition to it, linux users don't have "download-n-run" mentality as most if not all the software comes from a repository.

          One can argue about the reasons why it is virtually impossible to get a trojan using linux, but it is sure nice that I don't have to clean my parent's PCs once in a while as it used to be with Windows.

          In my opinion people take system compromises far too lightly merely because they are common.

          The danger is not having to periodically "clean their PC". That's a nuisance to be sure, but it is only a nuisance. No, the danger is that a piece of malware might help some criminal to "clean" their bank accounts. That kind of simple theft is bad enough; have you ever considered the prolonged nightmare that identity theft could cause? These are much, much worse than having to run a virus (etc.) scanner once i

    • by mcgrew (92797) *

      In every other part of IT, 'ease of use' is almost diametrically opposed to 'secure'.

      So, you're saying that my kubuntu box is less secure than my Win 7 box? Because Windows frustrates the hell out of me, the kubuntu box just keeps chugging along without problems. Example: Bluetooth. I bought a dongle to move pictures from my phone, and it came with no Linux install disk. After installing the software on my Win 7 box and rebooting twice, it was flaky but worked. Linux? I just plugged the dongle in and it wor

  • by Anonymous Coward

    The article commits the worst sin of all - the extra apostrophe. The plural of Mac is Macs. Not Mac's. Reading that is like snagging my eye on a nail.

  • by znu (31198) <znu.public@gmail.com> on Thursday July 05, 2012 @06:32PM (#40558099)

    Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

    • by oztiks (921504)

      It's not about floodgates it's about prevention and it's about criminal activity / value. The damage will speak for itself when normal people have their cc drained because the data was pulled out of AppStore or something akin.

      Also remember a Trojan/Worm/whatever isn't about being known, it's the unknown malicious apps out there that are the concern. Techs find an exploit here or there but is that simply the tip of the iceberg? and Apple's security focus is simply under manned and considered an afterthought?

      • Re: (Score:3, Funny)

        by jo_ham (604554)

        It's not about floodgates it's about prevention and it's about criminal activity / value. The damage will speak for itself when normal people have their cc drained because the data was pulled out of AppStore or something akin.

        I thought Apple were already doing that to our credit cards? Surely there will be nothing left for the malware authors.

      • by macs4all (973270)

        Also remember a Trojan/Worm/whatever isn't about being known, it's the unknown malicious apps out there that are the concern. Techs find an exploit here or there but is that simply the tip of the iceberg? and Apple's security focus is simply under manned and considered an afterthought?

        Does THIS [apple.com] look like an afterthought [apple.com]?!?

        And keep in mind that these security features are built into an OS with NO known self-replicating malware. So no, I wouldn't say that Security is an "Afterthought" with Apple.

        Pro Tip: If you don't know about something, then STFU.

        • by oztiks (921504)

          AHAHAHAHA someone woke up cranky.

          As for your references to the malware scanners - good on them. We over in PC land have had the same thing for well over a decade, way to innovate guys.

          I guess you should feel special knowing that online criminals actually give a shit about you now....

          P.S. I so so hate Apple's interface, it's been 20 years already why do cropped screenshots of OSX look nearly the same as OS7. I remember looking at the iPhone config panel and thinking, shit I played with this back in 6th grade,

    • Literally every time there's some new bit of Mac malware, we see a chorus of predictions in the form of "This is it, now the floodgates are going to open!" This has been going on for years, and these predictions have all been wrong. There are a couple of new threats a year, and there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

      The difference is in WHAT the threats are -- last year brought us FakeAV for Macs, which showed that the criminal element was now looking at the platform as profitable. Then, later in the year, we got Flashback, which has been continually updated through April to provide botnet access and a data leak conduit on OS X.

      But the real news hasn't been with these pieces of fake software, it's been with Trojanized backdoor and keylog software... which has been climbing at a steady rate, both in variants and in detected installs. We're seeing a dramatic increase in data exfiltration on Macs. It's not really a case of "now the floodgates are going to open!" but more a case of "the gates opened last year, and we're going to keep seeing the consequences."

      Apple has taken note however, and has implemented a number of security changes -- not just Gatekeeper, but little significant things such as not letting Mach-O binaries run unless they're in a proper executable bundle with proper file permissions and an Info.plist.

      So for the first time, we're seeing a malware arms race on OS X, which truly has never happened before.

      While not dramatic, these are a few particular reasons to believe that we're on the cusp of a non-linear increase -- because it's now profitable to scam OS X users via their OS, and more and more criminal groups are realizing they can take some of the unsuspecting pie.

    • Maybe if mac fan boys wouldn't have kept on with the "macs don't get virii" through the years it wouldn't get the press it's getting now.
      • by macs4all (973270)

        Maybe if mac fan boys wouldn't have kept on with the "macs don't get virii" through the years it wouldn't get the press it's getting now.

        Show me a true, self-replicating piece of OS X malware. Trojans don't count, and that's ALL there have been in the wild.

    • by sl4shd0rk (755837)

      there isn't actually any particular reason to believe we're on the cusp of a dramatic non-linear increase.

      Nicely put. If there were any substance to these reports there would be like, Trojan apps and stuff turning up in iTunes or something.

    • Apple has also been going out of business for 35 years.

  • FTFA:

    Kaspersky Lab’s researchers analyzed the Mac OS X backdoor and concluded that the malicious application is a new and primarily undetected variant of the MaControl backdoor, which supports both i386 and PowerPC Macs. However, Kaspersky Lab’s system detects the malicious variant as “Backdoor.OSX.MaControl.b.”
