
New Mac malware pinned on same Russian group blamed for election hacks

  • LiberalArkie (4099 posts)

    New Mac malware pinned on same Russian group blamed for election hacks

    DAN GOODIN – 2/14/2017, 3:40 PM

    APT28, the Russian hacking group tied to last year’s interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs.

    Like its counterparts for other platforms, the Mac version of Xagent is a modular backdoor that can be customized to meet the objectives of a given intrusion, researchers from antivirus provider Bitdefender reported in a blog post published Tuesday. Capabilities include logging passwords, snapping pictures of screen displays, and stealing iOS backups stored on the compromised Mac.

    The discovery builds on the already considerable number of tools attributed to APT28, which other researchers call Sofacy, Sednit, Fancy Bear, and Pawn Storm. According to researchers at CrowdStrike and other security firms, APT28 has been operating since at least 2007 and is closely tied to the Russian government. An analysis Bitdefender published last year determined APT28 members spoke Russian, worked mostly during Russian business hours, and pursued targets located in Ukraine, Spain, Russia, Romania, the US, and Canada.

    “Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation,” the Bitdefender researchers wrote in Tuesday’s report. “For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel.”


  • arendt (1432 posts)

    1. Et tu, arsTechnica?

    Geez, it is wall-to-wall blame Russian, hate Russia week.

    They are throwing everything they can at the wall to see what sticks.

    The computer community continues to conflate a hacker who lives in Russia (or even the Ukraine) with state-sponsored intelligence goons. If it came from Russia, Putin did it.

    The whole Fancy Bear thing was debunked when it came out. Years-old Ukrainian malware.

    The entire post rests upon repeating the unproven claim that this “Russian hacking group” is run by the Russian Government.

    • dEEDeeNL (108 posts)

      2. re: Et tu, arsTechnica? --> Conde Nast -->
      The company attracts more than 164 million consumers across its 18 brands and mediums: Allure, Architectural Digest, Ars Technica, Bon Appétit, Brides, Condé Nast Traveler, Epicurious, Glamour, Golf Digest, GQ, The New Yorker, Pitchfork Media, Self, Teen Vogue, Vanity Fair, Vogue, W, Wired, and Reddit

      YUCK: corporate media!

      • arendt (1432 posts)

        3. They have been very strong in cutting-edge hi-tech for decades

        If I want to know what’s going on in computer tech, ArsTechnica has been the best. Computer tech is unavoidably corporate – a state-of-the-art silicon fab costs billions.

        I said, et tu, because now they have stepped into politics.