Bitdefender, the renowned IT security/antivirus firm, has identified that the latest strain of Xagent for Mac is being used as a backdoor by intruders. After the malware is installed via the Komplex downloader, it checks for the presence of a debugger; if none is found, it waits for a network connection to become available and then contacts its C&C servers. The attackers then activate specific payload modules.
The Russian hacking group APT28 is believed to be playing a role in the development of tools to infiltrate and infect systems running Windows, iOS, Linux and Android. Perhaps Mac devices have now become their primary target, which would explain why reports of one Mac malware after another keep arriving.
“Xagent” malware infects Mac, steals passwords, iPhone backups and screenshots.
In their blog post published on Tuesday, Bitdefender
The aspect that hinted at the involvement of APT28 [Pdf] in the distribution of Xagent is a file path found in the malware’s binary, which showed that it was developed by the author of Komplex. Komplex is a first-stage Trojan that has also been used by Sofacy to compromise devices. According to the findings of Bitdefender researchers, Xa
The APT28 group has been active since 2007 and shares close ties with the Russian government. The group’s members are well-versed in Russian and operate according to Russian business hours, and they usually attack Ukraine, Romania, the US, Canada and Spain; these are probably the facts that led to the assumption that the group is linked with Russia.
Last year another group, going by the handle of FancyBears, leaked sensitive documents from the World Anti-Doping Agency (WADA), exposing several athletes involved in doping. The same group was also blamed for targeting MH17 crash investigators with a spear-phishing campaign. As a result, security researchers concluded that there is a close relationship between APT28 and FancyBears.