A new version of Xagent, malware reportedly created by Russian hacking group APT28, has been discovered, and this version targets Mac users.
As outlined in a blog post by antivirus company Bitdefender (via Ars Technica), Xagent has previously been used to infiltrate Windows, iOS, Android, and Linux devices, but now Macs are vulnerable to attack as well. This is the first version of Xagent that's believed to be able to infiltrate Macs.
The Mac version of Xagent is described as a backdoor that can be customized to do things like log passwords, detect system configurations, execute files, take screenshots of the display, and access iOS backups stored on the Mac.
Bitdefender isn't entirely sure how the Mac version of Xagent is being distributed to users, but it could be spread via a macOS malware downloader called Komplex, which exploits a vulnerability in the virus-like MacKeeper software. Research on the malware is ongoing.
Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
As outlined in a blog post by antivirus company Bitdefender (via Ars Technica), Xagent has previously been used to infiltrate Windows, iOS, Android, and Linux devices, but now Macs are vulnerable to attack as well. This is the first version of Xagent that's believed to be able to infiltrate Macs.
The Mac version of Xagent is described as a backdoor that can be customized to do things like log passwords, detect system configurations, execute files, take screenshots of the display, and access iOS backups stored on the Mac.
The sample we are discussing today has been linked to the Mac OSX version of Xagent component from Sofacy/APT28/Sednit APT. This modular backdoor with advanced cyber-espionage capabilities is most likely planted on the system via the Komplex downloader.APT28 is the cyberespionage group that has been accused of hacking into the U.S. Democratic National Committee last year and interfering with the 2016 presidential election.
Once successfully installed, the backdoor checks if a debugger is attached to the process. If it detects one, it terminates itself to prevent execution. Otherwise, it waits for an Internet connection before initiating communication with the C&C servers.
After the communication has been established, the payload starts the modules. Our preliminary analysis shows most of the C&C URLs impersonate Apple domains.
Bitdefender isn't entirely sure how the Mac version of Xagent is being distributed to users, but it could be spread via a macOS malware downloader called Komplex, which exploits a vulnerability in the virus-like MacKeeper software. Research on the malware is ongoing.
Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
20 comments
Apple Arcade, Apple's upcoming subscription-based gaming service, was first introduced in March and is set to launch this fall.
Ahead of the upcoming launch, Apple has debuted an early...
New leaked assets from the watchOS 6 beta suggest Apple plans to launch new ceramic and titanium Apple Watch models as early as next month.
Discovered by iHelpBR, the assets belong to the...
Apple in iOS 13 made changes to the way location tracking permissions work, and there's no longer an option for apps to ask to "Always Allow" location tracking.
Instead, Apple allows...
Along with many new features for the iPhone and the iPad, iOS 13 brings updates to CarPlay, overhauling the interface for the first time in years and adding useful new functionality.
In our...
Japan Display will supply OLED displays for new Apple Watch Series 5 models slated to launch in the second half of 2019, according to the latest prediction from well-known analyst Ming-Chi Kuo.
...
Apple's HomePod is set to launch in Japan and Taiwan next week, on Friday, August 23, Apple announced today. Ahead of the launch, Apple is accepting pre-orders through its online stores in Japan...
Apple today filed a lawsuit against Corellium, a mobile device virtualization company that supports iOS. Corellium describes itself as the "first and only platform" that offers iOS, Android,...
Apple is directly or indirectly responsible for creating a total of 2.4 million jobs in the United States, the company announced today.
Apple says that this is four times the number of American...
