New Mac virus making the rounds, uses MaControl backdoor

Earlier this year, Macs around the world were infected by a malware called Flashback and it looks like theres another one on the way. Kaspersky Lab has now detected a malware that seems to be targeted at Uyghur activists using Macs. Kaspersky Lab is terming the attack as an APT (advanced persistent threat). It appears the virus spreads via email. Victims get a mail with a zip file in it, the zip file contains a JPG image and a Mac OS X application. The application present in the zip file is a MaControl backdoor and it infects both i386 and PowerPC Macs. Once the user runs the application, the virus is connected to a control server on the internet from which it is sent commands. Other operations such as listing and transferring files can also be done. Remote command orders can also be sent from the control server. Kaspersky detects the virus under the alias - Backdoor.OSX.MaControl.b.



Kaspersky Lab has detected that the control server is located somewhere in China, based on the IP address that the backdoor virus contacts. There are also several spelling mistakes found in the comments and debug information. Kaspersky expects these kinds of APT attacks to increase on Macs. Apples products have been secure from worms, viruses and hackers, until now.

Earlier this year, a malware by the name of Flashback was found infecting Macs. Experts called it the worst security disaster to have hit Macs. Almost 5,50,000 Macs were estimated to have been infected. The Flashback trojan was said to have been spreading around the world over a span of a few months. Its target was Macs and Macbooks running the OS X platform. The U.S was said to have the the majority of all infected Macs with some 56.6 percent of infections followed by Canada and the United Kingdom.



The heart of the exploit used by that malware was in Java and the systems were infected after users visited a link that fires up some Javascript code. There are a whole bunch of sites that have such infected pages. There were also some reports of users finding the malicious code on dlink.com. The exploit allowed an executable file to be downloaded to the infected PC, after which instructions and additional data are downloaded by it from a remote server. The trojan didnt infect files or data on the Macs, but its said that those controlling the trojan were able to do whatever they wished.


This incident seems to to be the second large outbreak of malware for the Macs. The malware was only discovered a few days back and there is no confirmed number of Macs that have been infected so far. As days go by, a more clearer image is likely to emerge.