New Mac Trojan Disables Security, Steals Passwords
By Jennifer LeClaire / NewsFactor Network
Published: June 23, 2008

The Macintosh platform is again under attack by malicious code writers. This time, it's a Trojan horse that could compromise machines running Mac OS X 10.4 or 10.5.

Antivirus firm SecureMac claims to have discovered multiple variants of a Trojan horse being distributed from a hacker Web site. The site hosts a discussion on distributing the Trojan horse through iChat and Limewire.

The Trojan, distributed as either a compiled AppleScript called ASthtv05 or as an application bundle called AStht_v06, exploits a recently discovered vulnerability in the Apple Remote Desktop (ARD) agent. The vulnerability allows the Trojan to run as root.

According to SecureMac, the Trojan runs hidden on a Mac and allows a malicious user complete remote access. The Trojan can transmit system and user passwords, and avoid detection by opening ports in the firewall and turning off system logging. The AppleScript version, SecureMac reported, can also log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing.

Fortifying a Mac

While it's true that hackers and malware authors target Macs far less frequently than Microsoft Windows PCs, that doesn't mean Mac users can disregard common sense in securing their computers, according to Carole Theriault, senior security consultant at Sophos.

"In the last 12 months we have seen growing evidence that cybercriminals -- although still focusing in the main on the Microsoft platform -- have shown an increase in interest in seeing if there is an opportunity to hack into Mac computers for financial gain," Theriault noted.

Although the problem is much smaller than on Windows, she added, Mac users would be wise to run an antivirus program, keep up with security patches, and exercise care about which programs they install.

The Threat Behind the Threat

Sophos has labeled the new Trojan "OSX/Hovdy-A." According to its monitoring service, the prevalence is low but the danger is critical. In addition to opening ports in firewalls and starting the ARD, the Trojan will also attempt to install itself in the Library/Caches folder and perform several tasks, including deleting system log files, starting PHPShell and a Web server, disabling system updates, and disabling third-party security software.

Like many Windows attacks, this Mac Trojan relies on the user giving it permission to install. Using social-engineering techniques, the Trojan could be given disguises as varied as a game, a video, or a handy new utility.

"Sadly, many Mac users are just as willing as their Windows-based cousins to install a program without careful thought as to safety," Theriault said. "We are not witnessing a large-scale attack by this Trojan, but it is worrying to see yet more hackers turning their malevolent gaze to the Mac platform."

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.