A survey by Dr. Web, a Russian research firm, has found a new threat called “Mac.Backdoor.iWorm” that targets Mac OS X desktops. An affected Mac can be used for data gathering, and a variety of commands can be carried out on it remotely.
More than 17,658 Mac desktops and laptops worldwide were reportedly affected by the malware, with a quarter of the users in the United States. The malware makes special use of Reddit: posts to a Minecraft server list are used to collect the IP addresses for the command and control (CnC) network. The user who had posted the subreddit data has been shut down, though the malware creators are likely to form another server list.
Once installed, the malware, which had used Reddit search lists, creates an operation file and connects to the control servers through a port request. Though the Dr.Web report does not mention how the malware spreads, the “dropper” program allows it to be installed in the Library directory in the user’s folder under the name “JavaW”.
Affected computers included machines in Slovakia and at Marist College in Poughkeepsie, New York, the latter running on the college’s private cloud. However, there are concerns that a new version of the malware may already be spreading through a different search engine like Reddit. The malware can send personal user data, change configuration or put a Mac to sleep.
Security Journalist has stated that Dr.Web and Bitdefender currently identify the malware, while developer Jacob Shamela has posted steps for OS X that will alert the user about the attack.