Suspected Russian DNC hackers brew Mac trojan

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …

  1. allthecoolshortnamesweretaken

    "... a trojan targeting Mac OS X machines in the aerospace sector ..."

    On average, Macs in the aerospace sector should be somewhat harder targets than others. Different wetware.

    I've given up on telling friends and acquaintances of mine that classify themselves as "creatives" and/or work "something in media" about security awareness and malware on Macs. Utterly, totally useless because "there is only malware on Windows computers".

    1. lglethal

      Not sure I agree with you there - the only people in the Aerospace industry who would be using macs are upper management. They aren't exactly the least susceptible to phishing attacks...

      1. Mark 65

        "Ooo, free parking", *click*

  2. Anonymous Coward

    Suspected Russian DNC hackers

    Who was it doing the suspecting, what evidence did they produce to support such an allegation, and what would the Russian motive be, as the only beneficiaries of such a story are of the 'Hillary' camp? How does this Komplex trojan get executed on the Mac OS X machines without the end user visiting a compromised site and downloading and executing the program?

    1. lglethal

      Re: Suspected Russian DNC hackers

      *Sigh* Did you read the article? The malware is embedded in a booby-trapped document. In other words, it's a spear phishing attack. Nothing to do with compromised websites.

      Also, the beneficiaries of the DNC hack were most certainly not the "Hilary" camp, as those emails went a long way to alienating a large number of Democrat supporters that had previously been supporting Bernie Sanders.

      Whether it was actually the Russians or not, they do have a motive, and that is that discord in the Democrats would be helpful to Trump, who is clearly much more friendly to Russia than Hilary. So please stop spouting nonsense like it's all some backward conspiracy theory...

      1. bombastic bob

        Re: Suspected Russian DNC hackers

        uh, you still need to download and VIEW the PDF. Then again, it could've been attached to a 'legit looking' spam-mail...

        /me wonders if open source PDF readers like 'evince' are still vulnerable to that exploit...

        I don't like the more recent PDF viewer from Adobe. It tries to "do too much" and that's probably what the vulnerability exploits. But if it's a vulnerability in the PDF format ITSELF, the readers will need to be able to shut such "features" off, to prevent spammed PDFs from being viewed by accident in spam-mails (and infecting your computer).

        Though I must admire the cleverness of the evil hackers behind the exploit, making sure that the payload behaves as you expect, so that the virus/trojan load happens without any suspicion.

        [Macs have the ability to install 'macports' or similar open source packages, and as such 'evince' and other open source readers SHOULD be available - I would suggest that security patches start with THAT, abandoning Adobe readers, and using one of the open source readers]

  3. Anonymous Coward

    The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software to gain access to machines.

    AFAIK, MacKeeper doesn't exactly have a sterling reputation - it appears to be malware all by itself. These people may have just added to the reasons to avoid it like the plague. That may be why they target the military - they don't always take smart IT decisions.

  4. Anonymous Coward

    MacKeeper security software

    Isn't Mackeeper malware by itself? Just asking.

    1. cyrus

      Re: MacKeeper security software

      Indeed, MacKeeper is at the very best sleazeware. I would personally categorize it as malware. I have had clients fall for the scare tactics employed by MacKeeper. It hijacks browsers and causes general havoc on Macs. And here is another very good reason not to touch it with a barge pole.

      Security software my arse!

      1. bombastic bob

        Re: MacKeeper security software

        So here's the question (regarding the attack vector): Is MacKeeper HOOKING THE ADOBE READER [which is what I suspect is happening], or being somehow "activated" by the Adobe reader?

        So there's my earlier point about using an open source PDF reader to prevent the problem. I suppose I should've clarified by including the 'MacKeeper' vector, which I was assuming to be some kind of anti-virus thing.

        But if it's hijacking browsers and stuff, then you're right, it WOULD BE a form of 'sleazeware' like all of those 'browser button' plugin things from the "noughties", pretending to be anti-virus anti-malware 'security' but then secretly tracking you or something...

        (or in THIS case, providing a vector for breaking into your computer)

    2. Crazy Operations Guy

      Re: MacKeeper security software

      MacKeeper is pretty much a port of a Windows AntiVirus application from 20 years ago.

      Funny enough, my proxy running ClamAV detects MacKeeper as malware when enabling behavior-based detection.

  5. TWB

    No Adobe reader or MacKeeper

    I just use Preview to read .pdfs and MacKeeper's pushy selling techniques have made me steer clear of it, so am I vulnerable to this?
