Malware ported from the Linux environment makes its ‘debut’ on Mac OS X

Oct 26, 2011 11:34 GMT

Sophos is sounding the alarm on OSX/Tsunami-A, a newly emerged backdoor Trojan horse for Mac OS X. The company’s senior technology consultant says it’s a dangerous one!

The news comes hot on the heels of another Trojan targeting Macs, Flashback, whose multiple variants masquerade as a Flash Player installer.

Now, Graham Cluley writes on his company’s Naked Security blog that Tsunami is particularly interesting because “it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that once it has embedded itself on a computer system listens to an IRC channel for further instructions.”

Cluley notes that his company’s freeware antivirus solutions are being updated to detect this malware. In the meantime, some questions remain unanswered, he says, such as “how would this code find itself on your Mac in the first place?”

Cluley proposes a few plausible scenarios, such as: “a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks”; “or … you have volunteered your Mac to participate in an organised attack on a website.”

But regardless of how you may get infected, the Trojan basically makes it possible for someone to gain full control of your Mac. “If that doesn't instantly raise the hairs on the back of your neck, it certainly should,” says Cluley.

“Mac users are reminded that even though there is far less malware in existence for Mac OS X than for Windows, that doesn't mean the problem is non-existent. You only need to read our short history of Mac malware to realise that,” he adds.

As usual, Sophos expects these cybercriminal attacks to continue, and that includes the Mac front, where users fail to protect their computers.

“If the bad guys think they can make money out of infecting and compromising Macs, they will keep trying,” Cluley ends.