Russian hackers thought to be responsible for hacking the emails of Hillary Clinton are now using the same malware to target Mac users, security experts have claimed.
According to Bitdefender Labs, malware created by APT28, a group of hackers who allegedly have links to the Russian security services, is infecting devices running Mac OS.
Bitdefender says the malware, called X-Agent, is used in a number of different ways to gather personal information and passwords from victims.
Primarily it is being used to steal usernames and account passwords from victims, as well as to take screenshots from the infected device.
Bitdefender also says that hackers are using the malware to access iPhone backups stored on infected Macs.
However, the security firm adds that it is not yet clear how the malware is being spread, although experts suspect that a trojan horse downloader dubbed Komplex could be responsible for infiltrating Mac OS.
The trojan horse is a well-used, but still highly effective, way for cyber criminals to spread malware or ransomware online.
Trojan horses are disguised as software that may appear safe or of no threat to the victim, such as an email attachment. The email can sometimes even be designed to look like it has come from a familiar source, such as a friend or well-known organisation.
Once installed, the malware detects whether antivirus software is present on the infected device. If it is, it self-destructs and removes itself.
However, if no antivirus is present, the malware waits until an internet connection has been established and then starts communicating with servers belonging to the hackers.
Despite users believing Apple devices are less susceptible to viruses and malware, Bitdefender says that in order to prevent their devices being infected, Mac users should still install antivirus software and also avoid opening any suspicious-looking email attachments.
“The sample we are discussing today has been linked to the Mac OSX version of X-Agent component from Sofacy/APT28/Sednit APT,” said Bitdefender.
“This modular backdoor with advanced cyber-espionage capabilities is most likely planted on the system via the Komplex downloader.”
Via: Mac Rumours