
Researchers discover new Mac Trojan horse used for cyber espionage

Remember when the Mac was a malware-free paradise, exalted daily by Apple in its commercials? Well, those golden days are not coming back. This week, Palo Alto Networks discovered another highly dangerous piece of malware wreaking havoc on Macs around the world.

The Trojan horse, called "Komplex", was created by a group of Russian hackers known as Sofacy (and previously by other names such as Pawn Storm, APT28 and Sednit), who became known this year for hacking into the systems of the U.S. Democratic Party and posting confidential files on the internet. There are those who consider that the group is even financed by Moscow, although this is no more than speculation.

PDF file hiding Komplex malware, for macOS

The target of the new malware is very specific: the aerospace industry. A sign of this is the fact that it infects machines through an apparently harmless PDF file containing the supposed future projects of the Russian Space Program.

The document appears to be legitimate, even opening normally in macOS Preview; however, when it is opened, the malware downloads additional files that infect the machine, running and deleting files and interacting with the system's kernel itself. A (quite) in-depth analysis of the agent's behavior is in the Palo Alto post itself.

Apple did not comment on the case, so we still do not know whether the company will close off macOS's susceptibility to the Trojan horse in a future update; there is still no news of any antivirus for Mac that is able to identify and block this malware. So if you receive top-secret plans from the Russian Space Program in the near future, resist the temptation and don't open them. And, as always, be on the lookout for suspicious files in general.

(via Apple World Today)