Another Mac Trojan Detected, Potentially Bigger Than the First

Mashable

Fresh off the news that more than 650,000 Mac computers have been infected with a nasty Trojan horse virus called “Flashback,” another Apple threat is on the prowl.

According to anti-virus software provider Kaspersky Lab, a Trojan called SabPub -- or more formally, Backdoor.OSX.SabPub.a -- has recently been spreading via Java and could be infecting computers when people open email messages with suspicious links that direct users to malware.

"The Flashback and the SabPub Trojans are totally different," Alex Gostev, chief security expert of Kaspersky Lab, told Mashable. "SabPub is classic backdoor Trojan, so it opens full access to a victim's system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people’s search engine results inside their web browsers."

That said, the latest malware has the potential to reach far more computers than the Flashback Trojan.

"The SabPub Trojan could reach more people than the Flashback Trojan," Gostev said. "In February, SabPub was exploiting a Microsoft Word vulnerability, which was fixed long time ago, by using Java exploit in a more effective way. It has the potential to affect more people because it uses the Java exploit for a drive by download, meaning people can click on URLs with malware via email."

Gostev also noted that SabPub is being used to attack specific targets: "It would seem that the attackers have an extremely select list of victims that is not very large."

Although Mac users may think they are safe from viruses, Kaspersky Lab noted that before 2012 about 300 variants of Mac malware had been detected. Now, however, more than 70 have been detected in the past three months.

Last week, Apple released a security patch for Java that prevents the Flashback Trojan -- also called "Flashfake" -- from exploiting the vulnerability to infect computers. Since then, Kaspersky Lab said it has seen a decline in the number of active bots for Flashfake, dropping from more than 650,000 infected computers to just 237,000.

However, the decrease in infected bots does not mean the botnet is on its way out. The numbers represent the active bots connected to Flashfake during the past few days; they are not the exact number of infected machines. Infected computers that were inactive during Easter weekend would not have been communicating with Flashfake, so they would not appear as infected bots, Kaspersky said.

Gostev advises that all Mac users stay up to date with their Apple software: “We recommend users update their systems immediately with the latest security update from Apple.”

This story originally published on Mashable here.
