The Russian hackers believed to be behind last year's attacks on the Democratic National Committee (DNC) have created a new tool that could be used to target macOS users.
The group, which goes by various names including Fancy Bear, Pawn Storm and APT28, is said to be targeting macOS users with a new version of the X-Agent Trojan, which has in the past been used against Windows, Linux, Android and iOS devices.
"Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation," Bitdefender researchers wrote.
"For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel."
According to the security firm, this is the first version of X-Agent to hit Apple's desktop OS, and while it's not entirely clear how the malware is being distributed, it's likely a macOS malware called Komplex, which exploits a vulnerability in the virus-like MacKeeper software, is involved.
The X-Agent malware works like its Windows counterpart: it can steal passwords, grab screenshots and exfiltrate backups of iPhones stored on the compromised Mac, as well as execute other malicious code on infected machines through the backdoor it creates.
"Once successfully installed, the backdoor checks if a debugger is attached to the process. If it detects one, it terminates itself to prevent execution. Otherwise, it waits for an Internet connection before initiating communication with the C&C (control and command) servers. After the communication has been established, the payload starts the modules," Bitdefender explains.
The APT28 group is believed to have been active since at least 2007 and to have close ties with the Russian government.
Just last week it was revealed that macOS users were being infected with malware via a rogue Word document.