back to article Mac-based Trojan targets Uyghur activists

Security researchers have intercepted a Mac-based Trojan attack targeting Uyghur human rights activists. The Uyghur are a minority ethnic group that live in Eastern and Central Asia, mostly (but not exclusively) within the geographical borders of China. A run of infected emails sent to Uyghur activists, and intercepted by …

COMMENTS

This topic is closed for new posts.
  1. Dana W
    Meh

    Seriously?

    If you are dumb enough to install a .dmg in an email, no OS can save you.

    And of for some odd reason you are STILL using Safari, uncheck "open safe files after downloading".

    Once again, not a "virus" simply an intelligence test.

    1. Anonymous Coward
      Anonymous Coward

      Re: Seriously?

      We're talking about Mac users here, people who think their computer is impervious. Of course they're going to click the executable.

      1. Anomynous Coward

        Re: Seriously?

        Anyone who is certain that they never ever would is setting themselves up for an embarrassing fall.

        1. Anonymous Coward
          FAIL

          Re: Seriously?

          You have to be a really silly user since OSX already warns that:

          "App_name.app is an application that was attached to a mail message. Are you sure you want to open it?""

          when you try to run a app that came either via mail or the web. Yes, works for apps that came inside .ZIP files too.

          1. Anomynous Coward

            Re: Silly

            "You have to be a really silly user since OSX already warns"

            As do other products and yet even non-silly users of those products who considered such silliness beneath them have fallen foul of these sort of attempts.

            Think how you might react to that warning if the email came from address you know?

            And if it happened to come from an address you know at a time when you were expecting something from that address?

            Overconfidence in your own abilities or those of your chosen supplier is one of the things people bank on.

            1. Anonymous Coward
              Black Helicopters

              Re: Silly

              If an attacker already had the e-mail addresses I trusted, the sort of language they would contain and knew the time I expected something, a trojan app would probably not be very high on the list of my worries.

              1. gollux
                Mushroom

                Re: Silly

                The most vulnerable and exploitable portion of the internet, identified as CVE-0 has been shown to be easily overcome by well crafted attacks. The more over-confident and power-conscious the target, the easier it is to socially stroke it to the point of climax where it spews forth the information the attacker wishes. This is best enabled by an entire forensics surveillance directed at lower level entities taking advantage of their wish to be helpful, to identify CVE-0's contacts within the company, contacts external to the company, captured emails to analyze the writing style of CVE-0's contacts and various outside interests. Identifying communications for events and projects can help prepare CVE-0 for communications that contain desirable attachments which when activated, further root in to produce better information streams to the attacker.

                http://isc.sans.org/diary/Managing+CVE-0/10933

          2. Fibbles

            Re: Seriously?

            "You have to be a really silly user since OSX already warns that:"

            Windows has done that for years. Whilst it's reduced the efficiency of these sort of attacks they do still work.

            1. JohnG

              Re: Seriously?

              "You have to be a really silly user since OSX already warns that:"

              "Windows has done that for years."

              Even that wasn't enough so, for some years now, Windows email clients simply deny users any access to certain types of attachment, telling them that they should contact their system administrator if they wish to access the attachment concerned.

          3. Anonymous Coward
            Anonymous Coward

            Re: Seriously?

            open office files are sometimes treated as an app by the mail program it gets confused over certain extensions so some people might be used to ignoring the warning.

      2. gollux
        Mushroom

        Re: Seriously?

        I got the "Macs don't get viruses" comment as late as last week. Since most of the Mac users I know include all malware as viruses, it's no great reach for them to include clicking on links or running dmg installers.

        1. Matt Bryant Silver badge
          Thumb Up

          Re: Re: Seriously?

          "I got the "Macs don't get viruses" comment as late as last week...." Snap! But even more worrying are the number of people I meet that seem to think smartphones are immune to virii and malware.

    2. LarsG
      Mushroom

      A virus never on a Mac, just cannot happen, the OS wouldn't allow it, it's not possible, never ever ever!

    3. Wize

      Re: Seriously?

      "If you are dumb enough to install a .dmg in an email, no OS can save you."

      Maybe an OS with a virus checker installed that will get between the user and nasty files.

      Remember, as well as all of us clever people, there are a lot at the other end of the spectrum who will try to install something they think they need for some crappy little game or to turn websites pink.

  2. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    That's a bit of a bizarre asssumption that Uyghurs have Macs, why do they think so, there must be some reason for it?

    1. Anonymous Coward
      Anonymous Coward

      That's actually an interesting point. If it was just a broad sweep, they'd probably hit Windows, or hell, direct them to a malicious site that can deliver a binary depending on the content of their user-agent. But the fact it's Mac malware suggests that they're after something specific on a Mac.

    2. Yet Another Anonymous coward Silver badge

      Just because you an oppressed and impoverished group of peasants in an oppressed and impoverished central asian republic - doesn't mean you don't appreciate the fine points of Apple's industrial design ethic

    3. Anonymous Coward
      Anonymous Coward

      Not Uyghurs; activists

      The two sets might intersect, but they are unlikely to be equal.

      The assumption is that human rights activists are likely to be using Macs, which is not such a stretch of the imagination. Possibly whoever orchestrated this little attack is only interested in the wealthier targets.

    4. bygjohn

      Uyghurs and Macs

      One possibility is better handling of non-western fonts, which I've heard has been increasing the Mac's popularity in Asia generally.

      A quick Wikipedia lookup reveals that Uyghur can be written in any of four different alphabets (modified arabic, modified cyrillic, modified latin and latin, roughly), so presumably good font handling is essential.

      1. Lallabalalla
        IT Angle

        Re: Uyghurs and Macs

        Interesting point about the font handling.

        And dare I suggest that Very Old Macs still work a lot better than Very Old PCs so there's a likelihood of them making their way out via charity and recycling schemes.

  4. Tigra 07
    Mushroom

    Well...

    Karma meet fanboy, fanboy meet karma

    1. toadwarrior

      Re: Well...

      Obviously any system is vulnerable if operated by a complete moron. But at least you have to click it and ignore the warning to get infected which is better than windows where just being online is a threat to the whole system.

      1. Anonymous Coward
        Anonymous Coward

        So true!

        I once got a virus while Windows was installing. The system was just on for literally 15 minutes, craziest thing ever.

        1. xj25vm

          Re: So true!

          I'm afraid that is true. Windows XP without SP2 didn't have the firewall enabled by default. If the computer is connected to the Internet during the OS install using ethernet and a DSL/cable connection (without a router with firewall and/or NAT in between - just the cable modem with public IP) - malware would exploit the various open ports and vulnerabilities even before you manage to finish the installation. Been there - learned the lesson the hard way :-(

  5. eulampios

    a few questions

    Did not get how does this backdoor install itself. If it executes while opening a jpeg file, it is a jpeg rendering engine vulnerability, if it executes by only clicking on, it is a bad email client/web browser issue.

    If a person supposed to downloaded and then install it, with some warnings that it is potentially insecure code then there is nothing one can do, since the miscreants can likewise send out attachments honestly asking users to kindly install the malware application so that they join the botnet.

    With all the Mac OSX appeal of the linked blog the security "researcher" seems to resort to Windows tools (except Thunderbird which is still on Windows). Not the best combination, I guess.

    1. JohnG

      Re: a few questions

      I thought it was pretty clear: the email has a zip file attached. The zip file contains a jpeg and an OSX app. Perhaps the jpeg file was included to provide a preview image in a file finder. I guess they expect the user to open the app file, ignoring any warnings from the OS.

      Where did you see Windows tools used by the Kaspersky security researcher and, if he did, why would it matter?

  6. raving angry loony
    Facepalm

    virus vs trojan

    malware - catch-all term for all types of threats, including trojans, viruses, 3rd party stuff that affects previously authorised software, worms, etc.

    virus - self propagating malware. Still no evidence of one that affects Mac OS X.

    trojan - requires user intervention. Exists since the dawn of history on most if not all operating systems. Hell, even Multics had one (a prank, but still a trojan).

    I kind of expect technically literate people to know the difference. Otherwise, you'll be placed in the same category as the users who, when asked which operating system they're running, claim they're running "Microsoft Office" or "Outlook".

    1. This post has been deleted by its author

    2. gollux
      Mushroom

      Re: virus vs trojan

      Preaching to the choir doesn't take care of the problem

      To the common user viruses = all the above, to the common Mac user, Macs don't get viruses, so by continuing this logic, Mac users don't have to worry about any of this silly junk.

      I work in a community of Mac, iPad, iPhone users and keep trying to get the word out that Mac Malware exists, but the most literate give me the, "It runs on OS X which is Unix and Unix doesn't get viruses like Windows does". routine which makes them sound smart but makes for an environment ripe for digital ambush of the willfully unwary.

  7. Saoir

    Yada yada yada

    Yet again another 'story' about Mac Trojans and Mac Infections based solely on the word of .... wow ..amazing .. ANTI Infection sellers !!

    1. Jeebus

      Re: Yada yada yada

      Cancer isn't a problem, after all we generally only hear about them from people who treat them.

      Idiot.

  8. Anonymous Coward
    Anonymous Coward

    Oh look!

    Lots of you still labour under the false impression that Mac users aren't smart enough to take precautions to avoid trojans, worms and standard issue viruses. Well bless your pointy, peecee-using, tin-foil-hatted little heads.

    In addition to employing AV software, the best precautions Mac users have taken is, never bothering again with any machine with a Redmond-sourced OS. You MS guys really ought to get it into your skulls that the majority of us used to have machinery benighted by Windows or even MSDOS. We use Macs "because" of our experiences with Windows.

    1. Jeebus

      Re: Oh look!

      No, you use them because you're worthless hipsters who work in coffee shops.

      1. Anonymous Coward
        Anonymous Coward

        Re: Oh look!

        And milk yaks

    2. Lallabalalla

      Re: Oh look!

      Too right - for home use.

      Sadly I still have to use PCs at work - I *say* sadly, but I shudder to think how long it would take me to become as productive on a Mac as I am on a PC. The file manager alone on win7 is worth the price of entry, I really can't get much done with "Finder", and I don't think it should be necessary to learn scripting or whatever just to find out what the accumulated size of all the .swfs in a directory is, or some such task. I'm sure there is a way but gawd knows what it is, other than <select files><right-click>Properties. SO easy!

    3. Anonymous Coward
      Anonymous Coward

      Re: Oh look!

      You could always try a liveCD or USB on your old hardware if you still have access to it, and some free time if you are ever stuck for something interesting to do. Better than throwing the gear away just because of MS and viruses.

      I personally gave up using Win on main box for that reason. Stil use Win elsewhere for specific programs only. But not for normal Net or multimedia or whatever.

      You can always use Virtualbox on the Mac to try to choose from various OS flavours in a virtual OS window before you try Live USB or CD for real on an older PC box. https://www.virtualbox.org/wiki/Downloads.

      Might even make a nice "sandbox" for trying other stuff out on that you don't want to break the Mac.

      Try Linux Mint or Fedora or OpenSuse or Arch or Mandriva or whatever. Might make a useful second box in your situation.

      Try this for Mac http://askubuntu.com/questions/86/how-do-i-create-an-ubuntu-live-usb-using-a-mac

      or http://www.makeuseof.com/tag/how-to-create-an-ubuntu-installation-usb-on-the-mac/

      or on a PC (maybe easier), this:- http://www.pendrivelinux.com/

      Absolutely easy graphical install - just make sure you don't want anything off your old HDD first, start the Live-CD/DVD/USB click "forward", give it a name and timezone and username. Job's a good'un.

      Or XBMC or such if you want to go mad with media centers/streaming,

      I would recommend http://www.pendrivelinux.com/ for making boot USB on PC, if you have a fairly large USB you can make a multi-boot YUMI USB with various different Live OSs on it.

      There's always PC-BSD if you want to run something a little bit related to a Mac if you need something to keep it company, also with possibilty of ZFS filesystem :)

      Might be worth trying one of the above if you still have your old kit gathering dust somewhere.

      Or, if you are into tough filesystems like ZFS and similar reliability to Solaris you could try OpenIndiana - based on Illumos kernel which is similar to the older OpenSolaris.

      http://openindiana.org/

      this family also includes Nexenta (good for NAS boxes), most of these Solaris-related ones would probably be better for media servers or pure servers than a daily desktop, unless perhaps for programming, they do seem to be a bit tricky for Flash and suchlike.

      OK loooong suggestion over and out. ;)

  9. Anonymous Coward
    Anonymous Coward

    harimi

    Xeterlik!

This topic is closed for new posts.