“The malware, called MacDownloader, was found on a website impersonating the U.S. aerospace firm United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats,” Kan reports. “The fake site was previously used in a spear phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed.”
“Visitors to the site are greeted with a page about free programs and courses for employees of U.S. defense companies Lockheed Martin, Raytheon, and Boeing,” Kan reports. “The malware itself can be downloaded from an Adobe Flash installer for a video embedded in the site. The website will provide either Windows or Mac-based malware, depending on the detected operating system.”
“The MacDownloader malware was designed to profile the victim’s computer, and then steal credentials by generating fake system login boxes and harvesting them from Apple’s password management system, Keychain. However, the malware is of shoddy quality and is ‘potentially a first attempt from an amateur developer,’ the researchers said,” Kan reports. “The malware failed to run a script to download additional malicious coding onto the infected Mac. But despite the shoddy quality, the malware still managed to evade detection on VirusTotal, which aggregates antivirus scanning engines.”
Read more in the full article here.
MacDailyNews Note: If you receive what you believe to be a phishing email purporting to be from Apple, send it to email@example.com, a monitored email inbox, which does not generate individual email replies.
Forwarding the message with complete header information provides Apple with important information. To do this in OS X Mail, select the message and choose Forward As Attachment from the Message menu.