back to article 'Ancient' Mac backdoor discovered that targets medical research firms

Security researchers at Malwarebytes have discovered a Mac backdoor using antiquated code that targets biomedical research facilities. The malware was probably created years ago but has only recently been discovered. Malwarebytes speculates that it wasn't found before because it was only ever used in targeted attacks, limiting …

  1. Stevie Silver badge

    Bah!

    So sorry, all Medical Macsnob data are belong to People's Data Pool.

    1. macjules Silver badge

      Re: Bah!

      And how much more legacy cr*p is there floating around from OS9 then? Not even thinking about how many classes and methods with the "NS" prefix (NeXT and Sun) that you can still find in Cocoa.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bah!

        The NS prefix is for NeXTSTEP.

        Sun entered the picture after the names had started to migrate from a mix of NX and no prefix to an NS prefix - it just so happened that it worked out well, naming wise with NeXTSTEP and SUN

        1. stu 4

          Re: Bah!

          "Sun entered the picture after the names had started to migrate from a mix of NX and no prefix to an NS prefix - it just so happened that it worked out well, naming wise with NeXTSTEP and SUN"

          you sure about that - I was full time nextstep at that time - I think we moved to NS with openstep.

          openstep ran on next, sun, windows, etc

          I think we used NS* for all openstep stuff.

          And since that IS osx basically it makes sense its still there.

  2. Your alien overlord - fear me

    "In addition, the binary also includes the open-source libjpeg code, which was last updated in 1998."

    So it would have been written after 1998 then.

    1. joea

      Does not necessarily follow, unless the included code IS the last updated version. The statement is not clear on that point, to my eye.

  3. Anonymous Coward
    Anonymous Coward

    Quimitchin

    Quim itchin ?

    Really?

    1. Gideon 1

      Re: Quimitchin

      "Quimitchin" were Aztec spies, apparently, though it could be just another hilarious Wikipedia hoax.

    2. Sweep

      Re: Quimitchin

      Who put sand in their vaginas?

      1. Simon Harris Silver badge

        Re: Quimitchin

        It says it's a backdoor attack...

        wouldn't that be more of a front door?

      2. Anonymous Coward
        Anonymous Coward

        Re: Quimitchin

        I have heard Trump has hired Quimitchin to spy on Hillary Clinton's Huma!

  4. CAPS LOCK Silver badge

    A backdoor in what exactly?

    The operating system code? A bundled application? I find this level of vagueness suspicious.

    1. Frank Bitterlich

      Re: A backdoor in what exactly?

      I'd rather call it remote access malware - it opens up a backdoor in your OS once it's installed.

      The infection vector is not known yet, as far as I understand it.

      It could very well be the payload of a standard trojan, I think.

      1. Anonymous Coward
        Anonymous Coward

        Re: A backdoor in what exactly?

        Sounds like they don't know, as this is just generic code running. So, it appears to be a backdoor that was installed, which isn't a backdoor at all, but just an exploitive program.

        As far as age, from source...

        "Further, there is a comment in the code in the macsvc file that indicates that a change was made for Yosemite (Mac OS X 10.10), which was released in October of 2014."

        I'm not sure what all the fuss is, especially considering it runs as user.

    2. Dan 55 Silver badge

      Re: A backdoor in what exactly?

      It's a userland shell script which runs on MacOS and Linux and does different things depending on which OS it's running on to autorun on login and capture the screen.

      There is no backdoor.

      1. Anonymous Coward
        Anonymous Coward

        Re: A backdoor in what exactly?

        This malware is definitely a 'backdoor' in "hacker-speak".

        It's called a backdoor regardless of whether it sneaks in with some other software or is installed after compromising the host.

        'Malware' would traditionally imply that it's mass distributed, not targeted, though it's not an exact term.

        Not all 'malware' opens a 'backdoor' either. For example, something that only encrypts your disk and demands ransom without including any remote control functionality. Or more traditional viruses and similar.

  5. wolfetone Silver badge
    Coat

    "More secure than PC? Ha!"

    Careful, the Jobsian cult will be after you for such blasphemy.

    1. Anonymous Coward
      Anonymous Coward

      Re: "More secure than PC? Ha!"

      The fact that this is at all newsworthy (compared to the uncountable hordes of Windows malware) tells you something.

      1. wolfetone Silver badge
        Linux

        Re: "More secure than PC? Ha!"

        There's more to a PC than Windows.

      2. jtaylor

        Re: "More secure than PC? Ha!"

        Ah, I remember when PC stood for Personal Computer. (What does it stand for now?)

        I'm unconvinced that Macs transcend personal computing.

        But yeah, seems like standard userland malware.

      3. JLV Silver badge

        Re: "More secure than PC? Ha!"

        > Careful, the Jobsian cult will be after you for such blasphemy.

        Oh, I agree. Remember Mac Defender? "AppleCare employees were told not to assist callers in removing the software." (Wikipedia quote, true, but it was also all over the news at the time). Macs are more secure, due to their 'nix underpinnings, but Apple has sometimes been lackadaisical when it comes to security. They do seem to be getting a bit better. I guess they've figured out the ostrich defense doesn't look so good after all.

        >The fact that this is at all newsworthy (compared to the uncountable hordes of Windows malware) tells you something.

        True enough, but no reason to get all complacent either. I know I am always interested in Linux/OSX malware to get a sense of the risk for us non-Windows users.

        Any recommendations for a good Mac AV/malware scanner? I've used Sophos and it was a real hog, always sucking up CPU for live scans. I am more interested in something that I can launch when I want, for example on a download. Not something that acts like a junior McAfee by being on alert all the time. Malwarebyte?

        IMHO, the problem with Mac/Linux AVs is that they are a bit like the SWAT team in Luxembourg. Sure, they can talk the talk and look tough. But they've seen so little action that it's hard to know how they will react when the shit hits the fan. So it's not sure if their donut bill is worth it.

        1. Anonymous Coward
          Anonymous Coward

          Re: "More secure than PC? Ha!"

          "SWAT team in Luxembourg"

          HA! That's worthy of many upvotes.

          Help! I think I'm having a vulns in my A/UX!

          https://en.wikipedia.org/wiki/A/UX

          Oh, never mind, I was just missing one of the fifty floppy disks needed to install it. :)

          This is also reminding me to hurry up and play with the lime green 333MHz G3 iMac I have sitting on my kitchen table so I can get to the next project which probably has some RPi gear needing the space.

          Last time I got a computer malware, for real, was in 1988. I copied some games, Crystal Quest you guys!, from my girlfriend's work computer and caught it bad. Fortunately, I just copied some cleaning software from my work and all was right with the world. Gosh, I miss that girlfriend's cat. Mr Gnome was quite a guy.

          Macs. They used to smile at you, you know.

        2. TVU Silver badge

          Re: "More secure than PC? Ha!"

          "Any recommendations for a good Mac AV/malware scanner? I've used Sophos and it was a real hog, always sucking up CPU for live scans."

          I'd suggest looking at Bitdefender Antivirus for Mac and see how you get on with it.

          1. Anonymous Coward
            Anonymous Coward

            Re: "More secure than PC? Ha!"

            The last time i lost any work - on any system - was on Vista. It wasn't due to a virus, but to Vista restarting *my* laptop after I'd left it to render some raytraced images overnight.

            I lost work because Vista wanted to restart itself to install updates to prevent some virus from making me lose any work. (Did I get that right?)

            So yeah, I'd have rather been using OSX back then. Except said CAD software wasn't then available for OSX or Linux (though it's a bit better now). At the time, I was also envious of my boss for the way his G4 Mac Pro woke from sleep instantly the moment he brushed its mouse when he popped in the office.

  6. Disk0
    Coat

    one person's malware

    is another person's remote support tool...

    1. Anonymous South African Coward Silver badge

      Re: one person's malware

      Quite.

      Some well-known apps (Ultr@VNC etc) is ignored, whilst others (Remote Admin etc) usually get flagged.

      Is a PITA, especially when more than one IT house has access to a site, and each loads/installs their version of remote control onto the PC's.

      Then you come along, tasked with installing antivirus protection, then the AV flags half of the installs as bad whilst ignoring the rest...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019