New Malware Targets Macs, Steals iPhone Backups
Macs continue to be targeted by some of the same Russian spies blamed for hacking into the Democratic National Committee servers in 2016, but now they apparently have newer tools that target iPhones as well.
According to a new report, the spies have strengthened the Komplex macOS/OS X Trojan so that it not only steals passwords and screenshots, but can extract iPhone backups.
Photo credit: Jeremy Lips/Laptop Mag
This is according to the team at Bitdefender Labs, which announced in a blog post yesterday (Feb. 14) that it found this new sample of Komplex. This tool is commonly attributed to the Sofacy group of Russian military intelligence, also known as APT28, also known as Pawn Storm, also known as Fancy Bear.
Once Komplex lands inside a Mac (previous instances used targeted spear phishing attacks) it sends the data back to HQ using a network of command and control servers that impersonate Apple websites. After checking for antivirus software to see if the coast is clear, it spawns infinitely looping communication threads that send system information, desktop screenshots, browser-saved passwords and even locally-stored iPhone backups, back to its home base.
So what should you do?
Be wary of clicking on links and opening attachments in unsolicited emails, even if they appear to come from friends or co-workers. Install and run Mac antivirus software that scans email attachments. Komplex and similar Trojans can be hidden in any kinds of files, including PDFs and images.
The average citizen, though, shouldn't be looking out for this specific attack. This new flavor of Komplex will likely target journalists, politicians, think-tank staffers and military personnel, those with trade secrets that spies are looking to pilfer.