Possible Russian hacker network may be responsible for new MacOS malware

A particularly virulent form of cyberattack was identified when the Stuxnet malware wreaked havoc at Iran’s nuclear processing facilities. Discovered in 2010, the attack resulted in the creation of a new term, “advanced persistent threat” (APT), to designate a cyberattack that is intended to break into a particular target and work over a long period of time at stealing data or breaking down infrastructure.

But the Stuxnet attack was not the first example of an APT. Another, a hacker network dubbed APT28 and linked by some sources to the Russian government or to criminal elements, has been at work since 2007 targeting a number of industries and sectors in Ukraine, Spain, Russia, Romania, the U.S., and Canada. Anti-malware software company Bitdefender published a report on APT28 in 2016 and has now provided an update on its Bitdefender Labs blog connecting the group to new MacOS malware.

The specific malware, called Xagent, is cross-platform software that also attacks iOS devices to steal contacts and location information, app lists, photos, and more. The MacOS version of Xagent is aimed at harvesting passwords, taking screenshots, and, most importantly, breaking into iPhone backups to grab the same data as the iOS version.

Bitdefender has now connected the MacOS version of Xagent with APT28: “Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the MacOS binary that currently forms the object of our investigation. For once, there is the presence of similar modules, such as FileSystem, KeyLogger and RemoteShell, as well as a similar network module called HttpChanel.”

In addition, the Xagent sample that Bitdefender’s researchers examined connects to the same command-and-control web addresses used by APT28. Bitdefender is still conducting its analysis, but at least initially it appears that APT28 operators may now have a new tool — compromised MacOS machines — to use in attacking government agencies, political figures, telecommunications, e-crime services, and aerospace companies.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…