Hackers rejig Linux Trojan for Macs

Malware writers continue toying with Mac OS X

Malware writers have repackaged an old Linux backdoor known as Tsunami to target Mac OS X systems, researchers at Slovakian antivirus firm ESET have discovered.

“It is actually an OS X port of the Linux family of backdoors that we have been detecting since 2002,” ESET malware researcher Robert Lipovsky said Thursday.

The malware waits for instructions from an IRC channel, which could order an infected Mac to join a Distributed Denial of Service attack or download additional malware. It also allows the attacker to take control of an infected computer by executing shell commands.

The capabilities were basically the same as the Linux Tsunami malware, said Lipovsky, but the IRC server, channel and password had changed.

Security vendor Sophos updated its Mac antivirus product and identified that the malware was delivered as a Trojan.

It’s currently not known how this malware would find its way onto a Mac. However, recent attempts to target the platform have relied on social engineering to convince victims to sign the application, such as the MacDefender scareware and the more recent Flashback malware, which posed as a Flash Player installer.

“It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website,” Sophos’ Graham Cluley speculated.
