New Flashback exploit targeting Macs
A new security threat using the same exploit that infected over 600,000 Macs earlier this month has been uncovered.
Two variants of a second backdoor based on the same Java vulnerability used by Flashback have been discovered by security labs since last week.
The discovery highlights the need for OS X users to apply the critical updates released by Apple last Thursday to address the Flashback exploit, thought to be plaguing upwards of 600,000 OS X computers worldwide.
Once it infects a host computer, the new threat, Backdoor.OSX.SabPub, connects to a Fremont, California-based IP address, which then sends instructions to the machine. The backdoor, a typical command-and-control (“C&C”) attack, was initially revealed on the ThreatExpert website.
Although “SabPub” remains rare, it has links with the pro-Tibet targeted attack campaign from earlier this month and the ongoing “LuckyCat” campaign that has been attacking a wide range of targets in East Asia since last year.
According to a blog post by Kaspersky Lab security expert Costin Raiu, the IP address used by SabPub’s C&C attacks was found in malware discovered as a result of a sophisticated cyber-espionage campaign against targets ranging from military research in India to pro-Tibet activists.
Trend Microsystems released a research paper earlier this month on the threat, which is believed to be a concentrated attack originating in China. A second variant was discovered in a .doc file referencing a statement given by the Dalai Lama related to the anniversary of the Tibetan People’s National Uprising Day, which potentially ties it to similar attacks earlier in the month.
The researchers said it’s possible SabPub has existed in the wild since the end of February.