A new Trojan is targeting Macintosh computers. It has been discovered that SabPub, a backdoor that seeks to connect to remote command and control servers, comes in two variants, both of which can be easily patched with Apple’s Java updates and several antivirus apps designed specifically for the Mac.
Mac security specialist Intego reports
that “Yet another malware has been found to exploit the CVE-2012-0507 Java vulnerability with a drive by download.”
“SabPub is a backdoor that seeks to connect to remote command and control servers, presumably to harvest information on infected Macs."
"This malware installs in the user’s /Library/LaunchAgents folder, so no administrator password is needed. It places its code in the user’s /Library/Preferences folder (the com.apple.PubSabAgent.pfile),” reads the advisory.
Intego reports that their initial findings churned up an offline command and control server, but that the server later went online:
“Initially, the command and control server that this malware tried to connect to was off-line, but Intego’s malware researchers have found it to be accessible today,” according to the Austin, Texas-based security vendor.
The Mac antivirus company claims to have seen a few samples of the malware, but clarifies that it “does not yet seem to be widely distributed.” Intego clarifies that the risk is low, and that customers can easily stay out of harm’s way by installing the latest updates from Apple.
“It is worth noting that the Java vulnerability this malware uses was patched by Apple ten days ago. So Mac users should make sure that they have their Java up to date.”
As usual, Intego doesn’t miss out on the chance to notify Mac users that “Intego’s Mac antivirus, VirusBarrier X6 with malware definitions dated April 12, 2012 or later, will detect and remove the SabPub backdoor.”