A new version of Xagent, malware reportedly created by Russian hacking group APT28, has been discovered, and this version targets Mac users.
As outlined in a blog post by antivirus company Bitdefender (via Ars Technica), Xagent has previously been used to infiltrate Windows, iOS, Android, and Linux devices, but now Macs are vulnerable to attack as well. This is the first version of Xagent that's believed to be able to infiltrate Macs.
The Mac version of Xagent is described as a backdoor that can be customized to do things like log passwords, detect system configurations, execute files, take screenshots of the display, and access iOS backups stored on the Mac.
Bitdefender isn't entirely sure how the Mac version of Xagent is being distributed to users, but it could be spread via a macOS malware downloader called Komplex, which exploits a vulnerability in the virus-like MacKeeper software. Research on the malware is ongoing.
Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
As outlined in a blog post by antivirus company Bitdefender (via Ars Technica), Xagent has previously been used to infiltrate Windows, iOS, Android, and Linux devices, but now Macs are vulnerable to attack as well. This is the first version of Xagent that's believed to be able to infiltrate Macs.
The Mac version of Xagent is described as a backdoor that can be customized to do things like log passwords, detect system configurations, execute files, take screenshots of the display, and access iOS backups stored on the Mac.
The sample we are discussing today has been linked to the Mac OSX version of Xagent component from Sofacy/APT28/Sednit APT. This modular backdoor with advanced cyber-espionage capabilities is most likely planted on the system via the Komplex downloader.APT28 is the cyberespionage group that has been accused of hacking into the U.S. Democratic National Committee last year and interfering with the 2016 presidential election.
Once successfully installed, the backdoor checks if a debugger is attached to the process. If it detects one, it terminates itself to prevent execution. Otherwise, it waits for an Internet connection before initiating communication with the C&C servers.
After the communication has been established, the payload starts the modules. Our preliminary analysis shows most of the C&C URLs impersonate Apple domains.
Bitdefender isn't entirely sure how the Mac version of Xagent is being distributed to users, but it could be spread via a macOS malware downloader called Komplex, which exploits a vulnerability in the virus-like MacKeeper software. Research on the malware is ongoing.
Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
20 comments
On Tuesday, Apple's Beats brand introduced the new Beats Solo Pro headphones, the company's first on-ear headphones with active noise cancellation. The new $300 headphones don't...
Apple today seeded the second beta of an upcoming macOS Catalina 10.15.1 update to developers, a little under a week after seeding the first beta and a week and a half after releasing macOS Catalina...
A major flaw in Samsung's Galaxy S10 smartphone has been discovered that basically means any fingerprint can unlock the device with the help of a cheap screen protector.
According to the...
Apple has posted the first stats for iOS 13 adoption since its launch on September 19th for iPhone.
Apple shared the statistics on the App Store Developers page which was updated today. Apple...
Apple today released the third betas of upcoming iOS and iPadOS 13.2 updates to developers, just under a week after seeding the second betas and three weeks after the release of iOS 13.1.
iOS...
Quanta Computer will likely stop taking assembly orders for the Apple Watch at some point in 2020 due to profit concerns, and may sell its manufacturing plant in Changshu, China dedicated to...
AnandTech today published its in-depth review of the iPhone 11 and iPhone 11 Pro, including a detailed overview of the processor and graphics performance gains of Apple's latest A13 Bionic chip.
...
Apple has set up its second partnership with film studio A24, this time for an adaptation of the young adult novel "The Sky is Everywhere" (via The Hollywood Reporter).
"The Sky is...
