Russian hackers suspected of creating a Trojan that allows you to gain full access to Mac computers
Experts have discovered a malicious application that is distributed via a PDF document containing details about the Federal space program of Russia. They believe that this malware are cyberpsace from Russia.
Specialists Palo Alto Networks reported the appearance of a new Trojan used in the attacks on Mac computers. Currently aware of the existence of three types of malware. Two of them are for x86 and x64, and the third is universal.
According to Securitylab, the Trojan Komplex directly associated with increased activity of hacker group Fancy Bear, also known as APT28, Sednit, Pawn Storm, Strontium and Sofacy. She specializiruetsya on the cyber espionage on a large scale, but also often steal personal information from the computers of victims for further speculation.
Infecting the target computer is carried out through the exploitation of vulnerabilities within the application MacKeeper. The Trojan spreads through a PDF document, allegedly containing details about the Federal space program of Russia for 2016-2025. Once on the computer, Komplex collects data about the system. Trojan waits until the user connects to the Internet, and only communicates with the control server of the attackers and sends the information.
Based on the obtained data, the operators of the malware make a decision about sending additional modules. The researchers were able to identify the modules used by the attackers to download files on the targeted computer, stealing data, executing commands.
According to experts, Komplex is a version for Mac OS X banking Trojan Carberp, which had previously adopted a group Fancy Bear. It is assumed that this command was behind the attacks on the servers of the National Committee of the Democratic party of the USA and the world anti-doping Agency.