Mac malware, possibly made in Iran, targets US defense industry - givensmaysion1973

Just because you're using a Mac doesn't mean you're safe from hackers. That's what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U.S. defense industry.

The malware, called MacDownloader, was found on a website impersonating the U.S. aerospace firm United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats.

The fake site was previously used in a spear phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed.

Visitors to the site are greeted with a page about free programs and courses for employees of U.S. defense companies Lockheed Martin, Raytheon, and Boeing.

The malware itself can be downloaded from an Adobe Flash installer for a video embedded in the site. The website will provide either Windows or Mac-based malware, depending on the detected operating system.

Image: a screenshot of the phoney site (Iran Threats).

The MacDownloader malware was designed to profile the victim's computer, then steal credentials by generating fake system login boxes and harvesting them from Apple's password management system, Keychain.

However, the malware is of shoddy quality and is "potentially a first attempt from an amateur developer," the researchers said.

For instance, once the malware is installed, it'll generate a fake Adobe Flash Player dialog box, only to then announce that adware was discovered on the computer that it'll attempt to clean up.

"These dialogues are also rife with basic typos and grammatical errors, indicating that the developer paid little attention to quality control," the researchers said.

In addition, the malware failed to run a script to download additional malicious code onto the infected Mac.

But despite the shoddy quality, the malware still managed to evade detection on VirusTotal, which aggregates antivirus scanning engines.

The researchers found other evidence that the malware is linked to Iran. An exposed server that the MacDownloader agent uploaded to showed wireless networks called "Jok3r" and "mb_1986." Some of these names have ties to previous Iranian hacking groups, including one known as Flying Kitten, which is suspected of targeting U.S. defense contractors and political dissidents.

In an email, Anderson said a colleague of theirs also observed MacDownloader targeting a human rights activist.

The danger is that many human rights supporters, especially in Iran, are dependent on Apple devices, the researchers said. "While this [malware] is neither sophisticated nor full-featured, its sudden appearance is concerning given the popularity of Apple computers," they wrote in their report.

Mac malware is fairly rare, according to security researchers. That's because hackers tend to target Windows-based devices, because of their popularity.

Nevertheless, Mac-based malware is still popping up here and there. Last month, researchers found another kind designed to spy on medical research centers. A separate Mac-based Trojan was found months earlier, targeting the aerospace industry.

Source: https://www.pcworld.com/article/411972/mac-malware-possibly-made-in-iran-targets-us-defense-industry.html

Posted by: givensmaysion1973.blogspot.com
