It used to be that Mac computers were immune from the vast majority of viruses and malware plaguing Windows and other platforms. But as Apple’s products have been growing in popularity, hackers and malware developers have been increasingly targeting macOS.
Following recent reports of Mac malware that uses a very old Windows trick which relies on Microsoft Word macros, a new strain of malware from Russian hackers has been found to steal your saved passwords and iPhone backups, security firm BitDefender said.
It’s basically a sophisticated version of the Xagent malware that has been used in the past to attack Windows, iOS, Android and Linux devices. It was probably developed by the Russian hacking group APT28 accused of hacking into the US Democratic National Committee last year.
This new strain of Xagent was found to specifically target Mac users.
Once it finds its way onto a victim’s machine, the malware uses the Komplex downloader to retrieve a payload from the server that installs a modular backdoor software. It gives the attacker advanced cyber-espionage capabilities, including the ability to steal passwords, retrieve iPhone backups created locally in desktop iTunes, take screenshots, detect system configurations and even execute files.
Notably, the Xagent download exploits a vulnerability in MacKeeper, a heavily promoted Mac optimization software which has been the subject of a class-action lawsuit for false advertising.
“For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel,” noted researchers.
Bitdefender has not yet determined how the new malware spreads as they’re still analyzing Xagent, but we’ll make sure to update the article with further information once it becomes available. For the time being, be sure to adjust your Gatekeeper settings so that your Mac cannot download and execute apps from unidentified developers.