Suspected Russian DNC hackers brew Mac trojan

Ruskie space program doc used as spear phish payload.

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson.

The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software to gain access to machines.

Olson says the group known as "Sofacy", "Pawn Storm" and "Fancy Bear", among other names, is thought to be behind attacks leading to the theft and leaking of DNC emails and research documents.

The group is thought to have also hacked NATO and European organisations in the military sector.

"The Sofacy group created the Komplex trojan to use in attack campaigns targeting the OS X operating system – a move that showcases their continued evolution toward multi-platform attacks," Olson says.

"The tool is capable of downloading additional files to the system, executing and deleting files, as well as directly interacting with the system shell.

"... we believe Komplex has been used in attacks on individuals related to the aerospace industry, as well as attacks leveraging an exploit in MacKeeper to deliver the trojan."

Olson says the malware is similar to the group's Carberp trojan, in a move that could simplify compromise of PC and OS X systems with the same command-and-control server.

It delivers information on a target machine, including running processes and user identities, and can execute commands sent from the server.

The trojan is shipped within a PDF document on Russian space projects that executes the malware along with a 17-page document, the latter a ruse to cloak the malware's execution. ®


Biting the hand that feeds IT © 1998–2017
