Categories: Malware

Mac malware detected by Appelbaum at Oslo Freedom Forum

NEW MAC MALWARE HAS BEEN DISCOVERED BY JACOB APPELBAUM ON ATTENDEE COMPUTER AT OSLO FREEDOM FORUM WHERE IS DEBATED ALSO GOVERNMENT SURVEILLANCE.

A new Mac Malware has been detected at recent Oslo Freedom Forum workshop, the concerning discovery has been made by the popular security expert Jacob Appelbaum.

“Hundreds of the world’s most influential dissidents, innovators, journalists, philanthropists, and policymakers will unite in the Norwegian capital for a three-day summit exploring how best to challenge authoritarianism and promote free and open societies.”

Appelbaum is best known for his work in the fight of online anonymity (e.g. Tor Project) and for his participation in numerous activities in the defense of human rights and free access to the Internet.

During workshop is debated the topic of government surveillance, the experts who participated to the event discussed the uncomfortable subject and many other topics such as dictatorship, censorship and activism.

During the recent months many cyber espionage campaigns have been uncovered, in majority of the cases governments used malicious codes to track dissident and political opponents, the phenomena have global diffusion and are of great concern to those who are fighting for humanitarian rights and freedom of expression.

This edition of the forum, The fifth, will be reminded also for the discovery of Appelbaum, a new strain of malware with backdoor capabilities on Mac OS has been detected on an Angolan activist’s machine.

Appelbaum sustained that the Angolan activist’s PC was compromised in a spear-phishing attack used to spread the Mac Malware.

F-Secure security firm was one of the first firm that investigated on the Mac Malware, the researcher known as “Brod,” is investigating on the malicious agent. F-Secure security advisor Sean Sullivan published an interesting post on the case, the Mac Malware code is signed with a legitimate Apple Developer ID and it is able to take screenshots storing them image files in a folder called “MacApp.”.

Appelbaum confirmed via Twitter that Apple has revoked the Developer ID with which the malware is signed

The spyware implements simple spying functions, it is able to capture images of the victim’s screen and transfer the data to a Command & Control server, the security researchers found two C&C server located in France and in the Netherlands.

Sullivan wrote that the French C&C server would not resolve and the Dutch displayed a “Forbidden” access message.

Sullivan and Appelbaum revealed on Twitter that Mac malware detected appeared to be linked to an older Mac malicious code called HackBack.

VirusTotal assigned to the Mac Malware a Detection ratio of 1/46 that means that only F-Secure antivirus vendors is currently detecting the threat identifying it as as Backdoor: OSX/KitM.A. (SHA1: 4395a2da164e09721700815ea3f816cddb9d676e).

Pierluigi Paganini

(Security Affairs – Cyber espionage)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.