“Bitdefender notes a number of similarities between the malware attacks against Macs — which have been taking place since September 2016 — and previous campaigns by the group, believed to be closely linked to Russia military intelligence and also dubbed Fancy Bea,” Palmer reports. “Known as Xagent, the new form of malware targets victims running Mac OS X and installs a modular backdoor onto the system which enables the perpetrators to carry out cyberespionage activities.”
“Analysis of the malware reveals the presence of modules which will probe the infected system for hardware and software configurations, collect information on running processes, harvest desktop screenshots, and steal passwords,” Palmer reports. “Xagent is also capable of stealing iPhone backups stored on a compromised Mac.”
Read more in the full article here.
MacDailyNews Take: The most likely attack vector appears to be via “MacKeeper.”
Do not install MacKeeper. Certainly do not buy MacKeeper. If you have MacKeeper, uninstall it now.
MacKeeper scamware leaks 13 million Mac owners’ data, leaves passwords open to easy cracking – December 15, 2015
Security researcher claims to have downloaded sensitive data from 13 million accounts of MacKeeper scamware app – December 14, 2015
MacKeeper buyers ask for refunds in droves following class-action lawsuit – October 23, 2015
MacKeeper customers can file a claim to get their money back – August 10, 2015
Don’t waste your money on OS X snake oil for your Mac – July 28, 2015
How to detect and remove MacKeeper and keylogger malware on your Mac – July 17, 2015
Controversial MacKeeper security program opens critical hole on Mac computers – May 12, 2015
What ‘MacKeeper’ is and why you should avoid it – January 21, 2015
How to uninstall MacKeeper from your Mac – December 19, 2014