New malware targeting Mac OS X a 'wake-up call' for Apple users

At least two new malware apps targeting Mac users have arrived on the scene, both of which exploit vulnerabilities in Microsoft Word to steal users’ data.

In a recent blog post, Kaspersky Lab Expert Costin Raiu said he saw a direct connection between the two newly discovered versions of the SabPub bot and LuckyCat.

The Mac OS X SabPub Trojan horse exploits a vulnerability that was patched three years ago; the earliest version appears to have been created and used in February, Raiu said. LuckyCat is an advanced persistent threat targeting businesses and political groups in Asia. It was discovered last month.


SabPub is installed when a user opens an infected Word document; there is no username or password prompt when it installs, Graham Cluley, senior technology consultant at Sophos, wrote on his blog. The Trojan also opens and displays a Word document written in a foreign script and apparently related to Tibet as camouflage.

“Although there's no reason to believe that this attack is widespread, it's clearly time for some people to wake up to the reality of Mac malware,” Cluley wrote. Many Mac users have been cavalier about security, as historically there have been few malicious attacks on the operating platform. However, the number of Mac threats has risen in recent months.

Marcus Carey, a security researcher with vulnerability management company Rapid7, echoed Cluley’s sentiments. “I think this is a wake-up call that people running OS X need to start patching and updating their systems more,” he said in a Wired article. “Patching is the No. 1 thing anyone can do to protect their computer.”

Recently, cyber criminals have been using the same techniques to target Macs as they have in the PC world, Dave Marcus, director of advanced research and threat intelligence at McAfee Labs, told Wired.

The news comes on the heels of Apple releasing a patch for Flashback, a Trojan horse virus that spread by disguising itself as a Flash update and exploited a Java vulnerability. Security experts estimate more than 500,000 machines were infected by the malware, the most widespread attack on Apple’s operating system to date.

However, although infection rates for Flashback, also known as “Flashfake,” are dropping, as GCN reported, some cybersecurity professionals have accused Apple of not being as proactive and transparent about security issues as it could be, Reuters reported.

“While it's encouraging to see Apple taking steps to eradicate the Flashfake Trojan, they're late to the party,” Michael Sutton, vice president of security research at Zscaler ThreatLabZ, told Reuters. “Unfortunately, Apple has a long history of putting blinders on when it comes to dealing with security researchers.”

About the Author

Kathleen Hickey is a freelance writer for GCN.

