CHINA TOPIX

11/02/2024 09:35:27 am

Make CT Your Homepage

Suspected Russian Hackers Attack Mac OS X with 'Komplex' Trojan

Chaos Computer Club Annual Congress

(Photo : Getty Images) A participant sits with a laptop computer as he attends the annual Chaos Communication Congress of the Chaos Computer Club at the Berlin Congress Center on December 28, 2010 in Berlin, Germany. The Chaos Computer Club is Europe's biggest network of computer hackers and its annual congress draws up to 3,000 participants.

Security researchers from Palo Alto Network's Unit 42 discovered a new Mac OS X malware that appears to be targeting the aerospace sector.

The Trojan, called Komplex, is reportedly exploiting a known weakness in the MacKeeper security software to gain access to the machine, The Register reported citing the Palo Alto Networks. Such vulnerability can be used to perform remote commands when visiting web pages in a Mac, Info World noted.

Like Us on Facebook

The Trojan could download, execute, and delete files from an infected Mac. But notably, the Trojan could also save a PDF document about detailed plans of Russian space program to the infected system, although it only acts as a decoy, the research firm said in a blog post. Victims may encounter the threat if they open the malicious link from their emails.

Meanwhile, elite Russian hacking team that goes by the names "Sofacy," "Pawn Storm," or "Fancy Bear" among others, is thought to be behind the attacks, Palo Alto Network added.

The team noted that the Komplex Trojan used two internet domains, apple-iclouds.net and itunes-helper.net, which have been linked with other cyberattacks associated with the Russian hacking group.

"The Sofacy group created the Komplex Trojan to use in attack campaigns targeting the OS X operating system - a move that showcases their continued evolution toward multi-platform attacks," Ryan Olsen, Palo Alto researcher, said.

"... we believe Komplex has been used in attacks on individuals related to the aerospace industry, as well as attacks leveraging an exploit in MacKeeper to deliver the Trojan."

According to security firm CrowdStrike, Fancy Bear is known for targeting the aerospace, defense, energy, government, and media industries in the United States, China, Canada, Japan, to name a few. Recently, it has been accused of breaching high-profile targets including the Democratic National Committee.

Although it cannot be determined how many systems were infected with the Komplex Trojan, the Palo Alto Network believes the attack is not widespread.

Real Time Analytics