A notorious hacking group rumored to have links to the Russian government is believed to have created a piece of malware that targets computers running Apple's OS X, security researchers at the security firm Palo Alto Networks reported.
The California-based company knows the cyber espionage group as the Sofacy group, but it has been given various other names over the years. Its most widely known name is Fancy Bear; it is also called Pawn Storm and APT28, among others. It is the same group that infamously infiltrated the Democratic National Committee's networks in the days before the Democratic Convention took place in Philadelphia.
The security researchers wrote an in-depth blog post outlining and explaining the Trojan. The malware, named Komplex, takes hold of an Apple computer through targeted spear-phishing rather than by exploiting an Apple flaw the way other malware does. The researchers noted that the incident they investigated showed the malware being used to attack the aerospace industry.
They also noted that the malware's payload was deliberately hidden in a Russian-language PDF file describing the Russian federal space programs planned between now and 2025. The researchers said the file looks normal at first glance and in some cases even opens in the Mac's Preview application.
When the intended recipient opens the file, the malware can download additional files to the infected computer, and it can execute and delete files by interacting with the system shell, the interface used to access the operating system directly. When the engineers reverse-engineered Komplex, they noticed code overlaps and similarities with another OS X Trojan.
Ryan Olson, an intelligence director at Palo Alto Networks, said that the recipient of the infected file is typically expecting such a file. The attackers had been using a Windows tool, and this marked the first time an overlap with Mac OS X had been observed. Fancy Bear, as the group is popularly known, has targeted the German parliament, the World Anti-Doping Agency, and now this.
If you’re worried about your Mac safety, think about getting a good VPN that works on Mac.