Hackers rejig Linux Trojan for Macs

Malware writers continue toying with Mac OS X

Malware writers have repackaged an old Linux backdoor known as Tsunami to target Mac OS X systems, researchers at Slovakian antivirus firm ESET have discovered.

“It is actually an OS X port of the Linux family of backdoors that we have been detecting since 2002,” ESET malware researcher Robert Lipovsky said Thursday.

The malware waits for instructions from an IRC channel, which could order an infected Mac to join a Distributed Denial of Service attack or download additional malware. It also allows the attacker to take control of an infected computer by executing shell commands.

The capabilities were basically the same as the Linux Tsunami malware, said Lipovsky, but the IRC server, channel and password had changed.

Security vendor Sophos updated its Mac antivirus product and identified that the malware was delivered as a Trojan.

It’s currently not known how this malware would find its way onto a Mac. However, recent attempts to target the platform have relied on social engineering to convince victims to sign the application, such as the MacDefender scareware and the more recent Flashback malware, which posed as a Flash Player installer.

“It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website,” Sophos’ Graham Cluley speculated.

Stories by Liam Tung
