Security researchers have discovered a new Mac malware allegedly developed by APT28, the Russian cyber espionage group believed to be responsible for the 2016 presidential election hacking scandal.
A new variant of the X-Agent spyware, previously used in cyber attacks against Windows, iOS, Android and Linux devices, is now targeting Apple macOS systems.
The malware is designed to steal web browser passwords, take screenshots of the display, detect system configurations, execute files, and exfiltrate iPhone backups stored on the computer.
The X-Agent malware is tied to the Russian hacking group known as APT28 — also known as Fancy Bear, Sofacy, Sednit and Pawn Storm — which has been operating since at least 2007 and is allegedly linked to the Russian government.
"Our past analysis of samples known to be linked to the APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation," Bitdefender reported.
Once successfully installed, the backdoor checks for the presence of a debugger and, if it finds one, terminates itself to prevent execution. Otherwise, the backdoor waits for an Internet connection to communicate with its command-and-control servers.
"After the communication has been established, the payload starts the modules. Our preliminary analysis shows some of the C&C URLs impersonate Apple domains," Bitdefender researchers said.

"Once connected to the C&C, the payload sends a HelloMessage, then spawns two communication threads running in infinite loops. The former uses POST requests to send data to the C&C, while the latter monitors GET requests for commands."

The research is still ongoing, and Bitdefender security researchers currently have only the Mac malware sample and not a full picture of how an attack works.
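The two details above that a defender can act on are that the C&C URLs impersonate Apple domains and that the implant talks to the same host with two threads, one POSTing data out and one polling with GET for commands. The script below is an added example (not Bitdefender's code and not derived from the sample) that runs both checks over a small set of constructed proxy log lines. It assumes a simple log format of `<timestamp> <client_ip> <method> <url>`, one request per line, and a short illustrative allowlist of Apple-owned registered domains; a real deployment would use a maintained list and a proper public-suffix library instead of the last-two-labels approximation used here.

```python
"""Flag proxy log entries whose destination looks like an Apple domain but is not one,
and note any client that both POSTs to and GETs from such a host (the two-thread
C&C pattern described above).  Constructed example for illustration only."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Illustrative allowlist of registered domains Apple actually owns (assumption:
# a real deployment would load a fuller, maintained list).
APPLE_DOMAINS = {"apple.com", "icloud.com", "itunes.com", "mzstatic.com", "apple-dns.net"}

# Substrings that make a hostname read as "Apple" to a human user.
APPLE_TOKENS = ("apple", "icloud", "itunes")

# Assumed log format: "<timestamp> <client_ip> <METHOD> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")


def registered_domain(host):
    """Crude eTLD+1: the last two labels.  Adequate for .com/.net style TLDs only."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_apple(host):
    """True if the hostname contains an Apple-brand token anywhere in it."""
    h = host.lower()
    return any(tok in h for tok in APPLE_TOKENS)


def is_impersonation(host):
    """Apple-looking hostname whose registered domain is not Apple-owned."""
    return looks_like_apple(host) and registered_domain(host) not in APPLE_DOMAINS


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    url = urlparse(m["url"])
    return {
        "ts": m["ts"],
        "client": m["client"],
        "method": m["method"],
        "host": url.hostname or "",
        "path": url.path,
    }


def scan(lines):
    """Return (impersonation_hits, beacon_pairs).

    impersonation_hits: parsed records whose host impersonates an Apple domain.
    beacon_pairs: sorted (client, host) pairs where the same client used both
    POST and GET against an impersonating host, matching the send/poll thread pair.
    """
    hits = []
    methods_seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the sweep
        if is_impersonation(rec["host"]):
            hits.append(rec)
            methods_seen[(rec["client"], rec["host"])].add(rec["method"])
    beacons = sorted(k for k, ms in methods_seen.items() if {"GET", "POST"} <= ms)
    return hits, beacons


# Constructed sample log; hosts under example.net/example.org are placeholders.
SAMPLE_LOG = [
    "2017-02-14T10:00:01Z 10.0.0.5 GET https://www.apple.com/mac/",
    "2017-02-14T10:00:07Z 10.0.0.5 POST https://apple-update.example.net/app",
    "2017-02-14T10:00:37Z 10.0.0.5 GET https://apple-update.example.net/cmd",
    "2017-02-14T10:01:02Z 10.0.0.9 GET https://icloud.com/",
    "2017-02-14T10:01:15Z 10.0.0.9 POST https://icloud-sync.example.org/upload",
    "this line is garbage and will be skipped",
]

if __name__ == "__main__":
    hits, beacons = scan(SAMPLE_LOG)
    for h in hits:
        print(f"impersonation: {h['ts']} {h['client']} {h['method']} {h['host']}{h['path']}")
    for client, host in beacons:
        print(f"POST+GET pair (possible send/poll beacon): {client} -> {host}")
```

The impersonation check alone is noisy (any vendor subdomain containing "apple" trips it), which is why the second check narrows attention to clients that exhibit the send-and-poll pair against the same suspicious host.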
APT28 is one of the two Russian-linked cyber-espionage groups that have been accused of hacking into the US Democratic National Committee's email server last year and interfering with the 2016 presidential election.
You can read Bitdefender's previous analysis of the APT28 hacking group here [PDF].