SophosLabs: More malware for the Mac OS X platform has been discovered, hot on the heels of the revelation that some 600,000 Macs had been infected in the Flashback attack.
And just like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac.
The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet.
The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.
The Trojan creates the files:

/Users/<username>/Library/Preferences/com.apple.PubSabAgent.pfile
/Users/<username>/Library/LaunchAgents/com.apple.PubSabAGent.plist
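
A defender can check every home directory for the two file names listed above. The following is an added example, not part of the original SophosLabs post; the function name `sabpab_scan` and the case-insensitive match are assumptions made here.

```shell
#!/bin/sh
# Added example: look for the two Sabpab file names given in the article
# under every home directory below a Users root (default: /Users).
# Assumption: names are matched case-insensitively, because the article
# spells them "PubSabAgent" and "PubSabAGent" and default macOS volumes
# are case-insensitive.

# sabpab_scan [USERS_ROOT]
# Prints "FOUND <path>" per match; returns 0 if anything was found, 1 otherwise.
sabpab_scan() {
    users_root=${1:-/Users}
    found=1
    for home in "$users_root"/*/; do
        [ -d "$home" ] || continue          # glob matched nothing, or not a directory
        for spec in \
            "Library/Preferences:com.apple.PubSabAgent.pfile" \
            "Library/LaunchAgents:com.apple.PubSabAGent.plist"
        do
            dir=${home}${spec%%:*}          # directory part before the colon
            name=${spec#*:}                 # file name after the colon
            [ -d "$dir" ] || continue
            # -maxdepth 1: only the directory itself, no recursion
            hits=$(find "$dir" -maxdepth 1 -type f -iname "$name" 2>/dev/null)
            if [ -n "$hits" ]; then
                printf '%s\n' "$hits" | sed 's/^/FOUND /'
                found=0
            fi
        done
    done
    return "$found"
}
```

Source the file and run `sabpab_scan /Users` with enough privilege to read other users' Library folders. A hit in LaunchAgents means the file is registered to load at that user's login.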
Encrypted logs are sent back to the control server, so the hackers can monitor activity.
The potential for abuse of compromised Macs should be obvious, given the Trojan’s functionality.
The Sabpab Trojan is not believed to be anything like as widespread as Flashback, but still underlines the importance of protecting Macs against malware with an up-to-date anti-virus program and security updates.
It’s time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer.