Fresh Mac-targeted malware that creates a backdoor on a user’s machine has been detected.
According to The Hacker News, the Trojan, known as “Leverage”, has not exploited large numbers of users yet, but Apple has responded by updating XProtect to detect the Trojan and prevent it from launching.
Researchers found that the attack takes advantage of two Java vulnerabilities: it launches from a Java applet on a compromised website, which drops a Java archive, opening a backdoor to the user’s computer. Once installed, the Trojan connects to the command and control server on port 7777, used by the iChat server file transfer proxy.
According to F-Secure’s threat report for the first half of 2013, a total of 33 new families and variants of Mac malware were uncovered in that period. The report also found Mac malware that was signed by a developer in order to bypass the Gatekeeper protection, which restricts the running of unapproved applications.
Last year, Apple was petrified by the Flashback botnet which was estimated to have impacted around 500,000 endpoints and used drive-by download techniques.
AlienVault’s Eduardo De la Arada said that users who suspect that they have been infected with this malware should look for the UserEvent app in the /Users/Shared/ folder and remove it. “This prevents the malware from starting on new computer start-ups. On the other hand, right now the C&C is down, so you can start a service listening on port 7777 and verify if the malware is already running in your box,” he said.
AlienVault’s research found that the virus is written in Realbasic, which makes it possible to build the code for Windows and Linux platforms.
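The check described above, as an added triage example that is not from the article or from AlienVault: it looks for a UserEvent item in /Users/Shared and, instead of starting a listener, filters `lsof -nP -iTCP` output for connection attempts to remote port 7777. The bundle name `UserEvent.app`, the function names and the sample lines are assumptions constructed for illustration.

```shell
# Added example. Assumed: bundle name "UserEvent.app" (the article says only
# "UserEvent app"); connection data in `lsof -nP -iTCP` format.
C2_PORT=7777   # C&C port named in the article

# find_userevent [ROOT]: print UserEvent items under ROOT/Users/Shared.
# ROOT "" means the live system; pass a mounted image path to scan a copy.
# Returns 0 if something was found, 1 otherwise.
find_userevent() {
    dir="${1:-}/Users/Shared"
    rc=1
    for p in "$dir/UserEvent.app" "$dir/UserEvent"; do
        if [ -e "$p" ]; then
            echo "$p"
            rc=0
        fi
    done
    return "$rc"
}

# c2_connections: read lsof output on stdin, print "COMMAND PID REMOTE STATE"
# for each TCP connection whose remote port is $C2_PORT. Half-open attempts
# (SYN_SENT) are kept because the article reports the C&C as down; listeners
# ("*:7777 (LISTEN)") contain no "->" and are skipped.
c2_connections() {
    awk -v port="$C2_PORT" '
        $1 == "COMMAND" { next }                       # header row
        {
            for (i = 1; i <= NF; i++) {
                if (index($i, "->") == 0) continue
                remote = $i; sub(/.*->/, "", remote)   # keep the remote side
                rport = remote; sub(/.*:/, "", rport)  # also handles [v6]:port
                if (rport == port) print $1, $2, remote, $(i + 1)
            }
        }'
}

# Constructed sample of lsof output (documentation addresses, made-up PIDs).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
Safari    301 alice 12u  IPv4 0xa1        0t0  TCP 192.168.1.20:49200->198.51.100.7:443 (ESTABLISHED)
UserEvent 412 alice  5u  IPv4 0xa2        0t0  TCP 192.168.1.20:49211->203.0.113.10:7777 (SYN_SENT)
proxy65   388 alice  9u  IPv4 0xa3        0t0  TCP *:7777 (LISTEN)
EOF
}

find_userevent "" || echo "no UserEvent item in /Users/Shared"
sample_lsof | c2_connections   # live use: lsof -nP -iTCP | c2_connections
```

A hit on port 7777 alone is a lead rather than proof, since the article notes the port is also used by the iChat server file transfer proxy; weigh it together with the process name and the /Users/Shared finding.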



