Yesterday, Kaspersky Labs expert Costin Raiu reported a new Mac OS X backdoor variant that is believed to target Uyghur activists, groups working to eliminate ethnic discrimination against the Turkic ethnic group living in China’s northwestern Xinjiang region. Hours after Kaspersky’s revelation, another cyber security firm, AlienVault Labs, claimed to have found a Windows variant of the malware, using Gh0st RAT. The malware is believed to have originated in China and to be used against high-profile activists and groups, including Tibetans, Uyghurs and other groups in the ASEAN zone.
Kaspersky Labs intercepted the new advanced persistent threat (APT) campaign three days ago. The malware is a new Mac OS X variant that spreads through a zip file attachment. The zip file, sent by email, contains the backdoor app and an image. The application supports both i386 and PowerPC platforms. When executed, the application installs itself and allows the attacker (believed to be using a C&C server in China with the IP address 61.178.77.*) to run commands, list files, and transfer files.
Kaspersky Labs warns of a possible increase in such attacks in the future as the number of Mac OS X users grows and the platform sees more high-profile adoption.