New SabPub Mac Trojan Found to Be Linked to APT Attacks

Updated on: 2012-04-16 || Source:
Security researchers from Kaspersky have found a new piece of malware that currently targets Mac OS X users. It’s called OSX.SabPub and it’s a backdoor Trojan that’s connected to the advanced persistent threat (APT) attacks known as Luckycat.

According to experts, currently there are at least two variants of SabPub, one of them being created sometime in February 2012.

Distributed in spear-phishing attacks and hiding as Microsoft document files, it’s believed that the piece of malware is designed to target Tibetan activists.

After performing a series of tests using a decoy system, Kaspersky Lab experts have been able to identify that the bot’s command and control (C&C) server was hosted on a VPS in Freemont, United States.

The cybercriminals that run the campaign have manually checked the “goat” system in an attempt to extract sensitive information from it.

“The attackers took over the connection and started analysing our fake victim machine. They listed the contents of the root and home folders and even stole some of the goat documents we put in there!,” Kaspersky’s Costin Raiu wrote.

While the variant of SabPub created in February leverages security holes in found in Microsoft Office products, the newer version, developed in March, exploits Java vulnerabilities, similar to Flashback.

“The Java exploits appear to be pretty standard, however, they have been obfuscated using ZelixKlassMaster, a flexible and quite powerful Java obfuscator. This was obviously done in order to avoid detection from anti-malware products,” Raiu explained.

Currently, the APT that’s behind SabPub is active, researchers being confident that new variants will be seen in the upcoming days or weeks.

Unlike MaControl, another backdoor that was making the rounds in February 2012, SabPub is considered to be more effective because it managed to stay undetected for one month and a half.


Blackphone 2 'privacy' Android handset revamped
Security firm Silent Circle has revamped its smartphone that helps people manage personal data.
Chinese smartphones mount massive web attack
More than 650,000 Chinese smartphones have been unwittingly enrolled in a massive attack that overwhelmed a web
Hilton investigates hack claims
The Hilton hotel group has said it is investigating claims its US shops and gift stores may be the source of
Twitter website 'blocked' in Turkey
Twitter users in Turkey report that the social media site has been blocked in the country.


Sign up to received our free newsletter!
E-mail ID:


Views: 5394 Times
Semi Transparent Backgrounds READ MORE
Views: 2904 Times
EBay sets aggressive 2015 targets, shares climb READ MORE
Views: 2802 Times
Facebook launches patent counterattack against Yahoo READ MORE
Views: 5648 Times
How To Hack Windows Password READ MORE
Views: 7191 Times
How to Install Avira Free Antivirus 2012 READ MORE

Home|IT News|Computer Tips|Video Tutorials|Download Softwares|Subjects|Contact Us
Copyright © 2019. Jumbo Education (Information Technology). All rights reserved.
Free counter and web stats

Large Visitor Globe