New malware found on Mac systems steals passwords, grabs screenshots and exfiltrates iPhone backups. It is Xagent for Mac, linked to the Russian group that hacked the DNC. Macs were long considered immune to the vast majority of viruses and malware plaguing Windows. Now that Apple's products have grown in popularity, hackers and malware developers are increasingly targeting macOS.
Recent reports of Mac malware include one that revives a very old Windows trick, Microsoft Word macros, and a new strain from a Russian group linked with APT28, the group blamed for the hack of the Democratic Party: a version of the Xagent malware that can steal iPhone backups.
Earlier versions of Xagent have been used to attack Windows, iOS, Android and Linux devices. It was most likely developed by the Russian hacking group APT28, accused of breaking into the US Democratic National Committee last year, and this new strain was built specifically to target the Mac user base.
The infection begins with the Komplex downloader, which retrieves the Xagent payload from the attackers' server and installs a modular backdoor. This gives the attacker advanced cyber-espionage capabilities, including the ability to steal passwords, retrieve iPhone backups created locally by iTunes, fingerprint the system configuration, take screenshots and execute files without the user's permission.
It is worth noting that the Komplex downloader used to deliver Xagent has previously been seen exploiting a vulnerability in MacKeeper, a heavily promoted Mac optimization tool that has been the subject of a class-action lawsuit over false advertising.
“For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel,” noted researchers.
Bitdefender has not yet determined how the new malware spreads, as its researchers are still analyzing Xagent. As always, as soon as anything becomes available we'll let you know via Updates. For the time being, set Gatekeeper to allow apps only from the App Store and identified developers, so that your Mac refuses to run unsigned apps from unidentified developers. Keep in mind that Gatekeeper only assesses files that carry the download quarantine attribute; it will not stop a payload dropped directly by an exploited application. Also, because Xagent goes after local iPhone backups, turn on encrypted backups in iTunes so that a stolen copy cannot be read without the backup password.
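Two quick checks that go with the Gatekeeper advice above, written as an added example (this is not code from Bitdefender's report or from the Xagent analysis): one confirms from the output of `spctl --status` that Gatekeeper assessment is switched on, and one decodes the `com.apple.quarantine` extended attribute on a downloaded file to show which application fetched it and when, which is the first thing to look at when triaging a suspicious binary. The function names are assumptions of this example; the attribute layout assumed here is `flags;hex-epoch-seconds;agent;uuid`, and the sample value at the bottom is constructed so the script runs on any POSIX shell, not only on a Mac.

```sh
#!/bin/sh
# Added example: Gatekeeper and quarantine triage helpers (hypothetical
# function names; not part of Bitdefender's Xagent write-up).

# gatekeeper_state "<output of: spctl --status>"
# Prints enabled, disabled or unknown.
gatekeeper_state() {
    case "$1" in
        "assessments enabled")  echo enabled ;;
        "assessments disabled") echo disabled ;;
        *)                      echo unknown ;;
    esac
}

# live_gatekeeper_state: query the real setting on macOS; on other
# systems spctl is absent, so this reports unknown instead of failing.
live_gatekeeper_state() {
    if command -v spctl >/dev/null 2>&1; then
        gatekeeper_state "$(spctl --status 2>/dev/null)"
    else
        echo unknown
    fi
}

# parse_quarantine "<value of com.apple.quarantine>"
# Assumed layout: flags;hex-epoch;agent;uuid. Prints "agent epoch flags"
# and returns 1 on a malformed value, so a caller can tell "no/odd
# quarantine data" (typical for a payload dropped by an exploit, which
# Gatekeeper never assesses) from a normal browser download.
parse_quarantine() {
    q="$1"
    flags=${q%%;*}; rest=${q#*;}
    hex=${rest%%;*}; rest=${rest#*;}
    agent=${rest%%;*}
    case "$hex" in
        ""|*[!0-9a-fA-F]*) echo malformed; return 1 ;;
    esac
    echo "$agent $((0x$hex)) $flags"
}

# triage_file /path/to/downloaded.app (macOS only): read the live
# attribute with xattr and ask Gatekeeper whether it would run the file.
triage_file() {
    f="$1"
    parse_quarantine "$(xattr -p com.apple.quarantine "$f" 2>/dev/null)"
    spctl --assess --type execute "$f"
}

# Constructed sample value, as a Safari download would carry it:
parse_quarantine '0083;58a1c2f4;Safari;0F4A2F1E-1111-2222-3333-444455556666'
```

The epoch printed for the sample decodes to mid-February 2017; on a real Mac, `triage_file` reads the attribute from the file with `xattr -p`. A file that has no quarantine attribute at all was never a browser download, which is exactly why tightening Gatekeeper does nothing against a payload that an exploited application writes to disk itself.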