Mac OS X Security Threat Discovered - InformationWeek

Mac OS X Security Threat Discovered

The malicious code distributed from a hacker Web site has been given a "critical" security tag, but can infect only certain versions of the Mac OS.

Security vendor SecureMac has discovered multiple variants of a Trojan capable of letting a hacker remotely commandeer a Mac computer.

The malicious code is being distributed from a hacker Web site, where there have been discussions on distributing the Trojan through iChat and LimeWire, said SecureMac, which has given the Trojan a "critical" security rating. The program can infect Mac OS X 10.4 and 10.5 machines.

A Trojan is a program that appears legitimate, but performs illicit activity when it is run, such as stealing passwords, making the system more vulnerable to future entry, or simply destroying programs or data on the hard disk. LimeWire is a popular peer-to-peer file-sharing program, and iChat is Apple's instant messaging client.

Besides offering a hacker remote access to the system, the Trojan discovered by SecureMac can transmit system and user passwords. Additionally, the application can log keystrokes, take pictures with the built-in camera on a Mac, take screenshots, and turn on file sharing.

The program takes advantage of a flaw within the Apple Remote Desktop Agent. The program avoids detection by opening ports in the firewall and turning off system logging.

The Trojan is distributed as an AppleScript called Asthtv05 or as an application bundle called Astht_v06. The file must be downloaded and opened in order to infect a machine.

Malicious code targeting the Mac isn't new. Apple in May released a patch for a serious vulnerability within its iCal calendar application. The flaw made it possible for an attacker to exploit the vulnerability by adding or modifying files on a CalDAV server. The code is distributed as an .ics calendar file in an e-mail attachment, or through a malicious Web site.
