Number: IRCNE2014092315
Date: 2014-09-13
According to “techworld”, a group of hackers known for past cyberespionage attacks against the U.S. Defense Industrial Base, as well as companies from the electronics and engineering sectors, has recently started using a backdoor program to target Mac OS X systems.
"The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process," security researchers from FireEye said Thursday in a blog post.
The malicious program is dubbed XSLCmd and is capable of listing and transferring files and installing additional malware on an infected computer. The OS X variant can also log keystrokes and capture screen shots, the FireEye researchers said.
When installed on a Mac the malware copies itself to /Library/Logs/clipboardd and $HOME/Library/LaunchAgents/clipboardd. It also creates a com.apple.service.clipboardd.plist file to ensure its execution after system reboots.
The malware contains code that checks the OS X version, but does not account for versions above 10.8 (Mountain Lion). This suggests that version 10.8 was either the latest OS X version when the program was written or at least the most common one used by its intended targets.
The XSLCmd backdoor was created and is used by a cyberespionage group that has been operating since at least 2009 and has been dubbed GREF by the FireEye researchers. "Historically, GREF has targeted a wide range of organizations including the US Defense Industrial Base (DIB), electronics and engineering companies worldwide, as well as foundations and other NGOs, especially those with interests in Asia," they said.
According to FireEye, GREF is known to have used zero-day exploits in the past. These are exploits for vulnerabilities that didn't have a patch available when they started being targeted.
This new XSLCmd variant is the latest of several backdoor programs for Mac OS X that have been used in cyberespionage attacks in the past couple of years.
- 2