Categories
Hack News security Software

Komplex trojan surfaces for macOS, thought to exploit vulnerability in MacKeeper antivirus software

trojanhorse

Yet another chunk of malware for OS X/macOS to worry about.

Security researchers at Palo Alto Networks have identified a new trojan known as “Komplex”, which can download, execute, and delete files from an infected Mac. Interestingly, the Trojan will also save a PDF document to the infected system concerning the Russian space program.

The PDF document details planned Russian space projects from 2016 to 2025, but also acts as a decoy.


Komplex functions as a group of tools that will attempt to secretly communicate with its creators’ command-and-control servers. This includes sending back data on the version, username, and process list running on the infected system. The Trojan can also receive instructions, and it will forward the results to the control servers.

The software seems to exploit a known vulnerability in the worthless chunk of dreck that is the MacKeeper antivirus software and can trigger a Mac to execute remote commands upon visiting specially crafted web sites.

Victims might encounter this threat if they open a malicious link found an email.

An elite Russian hacking team known as Sofacy Group or Fancy Bear may have developed the Trojan, Palo Alto Networks added.

It also noted that two internet domains used by the Komplex Trojan, apple-iclouds.net and itunes-helper.net, have been associated with other cyber attacks attributed to the Russian hacking group.

The Fancy Bear group has been blamed for hacking conspicuous targets such as the Democratic National Committee.

Palo Alto Network said it doesn’t know how many systems have been infected with the Komplex Trojan, but it has no reason to believe it’s part of a widespread attack.

As always, stay tuned for additional details and please let us know if you’ve seen this on your end via the comments.

Via Macworld and the Palo Alto Networks blog

2 replies on “Komplex trojan surfaces for macOS, thought to exploit vulnerability in MacKeeper antivirus software”

Comments are closed.