Suspected Russian DNC hackers brew Mac trojan Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …
"... a trojan targeting Mac OS X machines in the aerospace sector ...
On average, Macs in the aerospace sector should be somewhat harder targets than others. Different wetware.
I've given up on telling friends and acquaintances of mine that classify themselves as "creatives" and/or work "something in media" about security awareness and malware on Macs. Utterly, totally useless because "there is only malware on Windows computers".
Who was it doing the suspecting, what evidence did they produce to support such an allegation and what would the Russian motive be, as the only beneficiaries of such a story are of the 'Hillary' camp. How does this Komplex trojan get executed on the Mac OS X machines without the end user visiting a compromised site and downloading and executing the program?
*Sigh* Did you read the article? The malware is embedded in a booby-trapped document. In other words, its a spear phishing attack. Nothing to do with compromised websites.
Also the beneficiaries of the DNC hack were most certainly not the "Hilary" camp, as those emails went along way to alienating a large number of democrat supporters that had previously been supporting Bernie Sanders.
Whether it was actually the Russians or not, they do have a motive and that is discord in the Democrats would be helpful to Trump who is clearly much more friendly to Russia then Hilary. So please stop spouting nonsense like it's all some backward conspiracy theory...
uh, you still need to download and VIEW the PDF. Then again, it could've been attached to a 'legit looking' spam-mail...
/me wonders if open source PDF readers like 'evince' are still vulnerable to that exploit...
I don't like the more recent PDF viewer from Adobe. It tries to "do too much" and that's probably what the vulnerability exploits. But if it's a vulnerability the PDF format ITSELF, the readers will need to be able to shut such "features" off, to prevent spammed PDFs from being viewed by accident in spam-mails (and infecting your computer).
Though I must admire the cleverness of the evil hackers behind the exploit, making sure that the payload behaves as you expect, so that the virus/trojan load happens without any suspicion.
[Macs have the ability to install 'macports' or similar open source packages, and as such 'evince' and other open source readers SHOULD be available - I would suggest that security patches start with THAT, abandoning Adobe readers, and using one of the open source readers]
The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software to gain access to machines.
AFAIK, MacKeeper doesn't exactly have a sterling reputation - it appears malware all by itself. These people may have just added to the reasons to avoid it as the plague. That may be why they target the military - they don't always take smart IT decisions..
Indeed, MacKeeper is at the very best sleezeware. I would personally categorize it as malware. I have had clients fall for the scare tactics employed by MacKeeper. It hijacks browsers and causes general havoc on Macs. And here is another very good reason not to touch it with a barge pole.
Security software my arse!
So here's the question (regarding the attack vector): Is MacKeeper HOOKING THE ADOBE READER [which is what I suspect is happening], or being somehow "activated" by the Adobe reader?
So there's my earlier point about using an open source PDF reader to prevent the problem. I suppose I should've clarified by including the 'MacKeeper' vector, which I was assuming to be some kind of anti-virus thing.
But if it's hijacking browsers and stuff, then you're right, it WOULD BE a form of 'sleezeware' like all of those 'browser button' plugin things from the "noughties", pretending to be anti-virus anti-malware 'security' but then secretly tracking you or something...
(or in THIS case, providing a vector for breaking into your computer)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
