What is it that makes this malware sophisticated? I didn't see anything about rootkits or process hiding / obfuscation. Is it not just a simple daemon that can be configured to monitor audio/video/keyboard and send the results back via an encrypted connection?
Can someone explain how the victim gets infected?

As far as I can read from the article, they discuss what happens if you are infected.

Also, doesn't running binary files on OS X from, let's say, "Finder" automatically trigger a security alert (like app-vendor lock)?
I feel the use of 'backdoor' here is misleading.

The software described would usually be classified as an Advanced Persistent Threat [1] or Rootkit [2].

Backdoor [3] usually refers to methods to sidestep authentication added by the vendor.

1: https://en.wikipedia.org/wiki/Advanced_persistent_threat
2: https://en.wikipedia.org/wiki/Rootkit
3: https://en.wikipedia.org/wiki/Backdoor_(computing)
Not sure whether to be amused, vindicated, or concerned that the most prominent conversation here on HN is terminology: "Is 'backdoor' the correct term?"

Malware, trojan, virus, rootkit, backdoor, squirglebunny (OK, I may have made that last one up).

There's not a lot of talk about the threat vector though - does anyone know how this infects systems?
Kaspersky, the most paid and legalized backdoor ever commercialized, ruining the web experience of the average user. Although I'm glad they discover interesting things, I would love it if they stopped messing with third parties' HTTP connections and HTML pages.
I think it's pretty funny that they go through all the trouble of making this for MacOS, yet it searches for only MS Office file extensions and not Apple's iWork extensions. It also seems to me that this all hinges on having Gatekeeper disabled.
Looks like it's not only OS X - the OS X variant is newly discovered.

Title should be 'OS X Variant of Backdoor Discovered', shouldn't it?

"OS X variant of a cross-platform backdoor which is able to operate on all major operating systems (Windows, Linux, OS X). Please see also our analysis on the Windows and Linux variants."
That list of directories is really weird. On my machine, none of them exist, neither in ~/Library nor in /Library. And I do run most of that software (Dropbox, Skype, Firefox, Chrome in the past...).

Either the malware targeted very old versions of such software and/or OSX, or somebody between the malware author and the blog writer f###ed up.
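Two of the comments above raise checks a Mac admin would actually want to run: whether Gatekeeper is still enabled (the comment on the OS X variant says everything hinges on it being disabled), and whether any of the persistence directories named in the write-up exist under ~/Library or /Library. The script below is an added example written for this thread, not code from the Kaspersky article or from any commenter. It assumes only the stock `spctl --status` command, whose output on a real Mac is "assessments enabled" or "assessments disabled"; the directory names in `SUSPECT_DIRS` are placeholders, since the article's list is not reproduced in the thread, and should be replaced with the real ones.

```shell
#!/bin/sh
# Added defender-side audit for a Mac (example code, not from the article).

# Placeholder directory names; substitute the list from the write-up.
SUSPECT_DIRS="PLACEHOLDER_DIR_A PLACEHOLDER_DIR_B"

# Classify the text printed by `spctl --status` as enabled/disabled/unknown.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Print the full path of every name in "$@" that exists as a directory
# under root "$1". Prints nothing when none exist.
existing_dirs() {
    root=$1
    shift
    for name in "$@"; do
        if [ -d "$root/$name" ]; then
            printf '%s\n' "$root/$name"
        fi
    done
    return 0
}

# Run both checks against the live system and summarise.
audit_mac() {
    if command -v spctl >/dev/null 2>&1; then
        state=$(gatekeeper_state "$(spctl --status 2>&1)")
    else
        state=unknown   # not a Mac, or spctl unavailable
    fi
    echo "Gatekeeper: $state"

    # shellcheck disable=SC2086  # intentional word-splitting of the list
    found=$(existing_dirs "$HOME/Library" $SUSPECT_DIRS; existing_dirs /Library $SUSPECT_DIRS)
    if [ -n "$found" ]; then
        echo "Suspect directories present:"
        echo "$found"
    else
        echo "No suspect directories present."
    fi
}

# Only run the live audit when executed directly, not when sourced for tests.
case "$0" in
    *sh) ;;
    *) audit_mac ;;
esac
```

A "disabled" Gatekeeper on a machine that should not have it disabled, or any hit in the directory list, is a reason to look further, not proof of infection; the directory names in particular must come from the original report, which is why they are left as placeholders here.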
I'm curious why my Malware app wouldn't be on top of this? I did a search for it here: https://blog.malwarebytes.com/threats/

Is it too new a threat? Outside the scope of my Malware app?
1. This is not a backdoor, it's malware or an exploit.

2. This is not specific to OS X, it affects many operating systems, so this sounds like an attempt at slandering software that someone doesn't like, or has a reason not to like.
Are video captures actually possible? I could imagine video capture as part of a RAT, but what scares me is the idea of video capture that doesn't turn on the camera activity light. Are there any examples of that?
Useless article makes no mention of how this gets into the system at all. Plus, it's not all that sophisticated or a backdoor. Nor do they point out that Apple was notified before posting this.
I thought MacOS was "Secure By Design". This is what Apple states in their official product descriptions.

In fact, it says it on this current page:

http://www.apple.com/business/mac/

"Because OS X is secure by design, there's no need for IT to install additional tools or lock down functionality for employees. And with an automated zero-touch deployment process, they don't even have to open the box."