New SabPub Mac Trojan Found to Be Linked to APT Attacks

Updated on: 2012-04-16 || Source:
Security researchers from Kaspersky have found a new piece of malware that currently targets Mac OS X users. It’s called OSX.SabPub and it’s a backdoor Trojan that’s connected to the advanced persistent threat (APT) attacks known as Luckycat.

According to experts, currently there are at least two variants of SabPub, one of them being created sometime in February 2012.

Distributed in spear-phishing attacks and hiding as Microsoft document files, it’s believed that the piece of malware is designed to target Tibetan activists.

After performing a series of tests using a decoy system, Kaspersky Lab experts have been able to identify that the bot’s command and control (C&C) server was hosted on a VPS in Freemont, United States.

The cybercriminals that run the campaign have manually checked the “goat” system in an attempt to extract sensitive information from it.

“The attackers took over the connection and started analysing our fake victim machine. They listed the contents of the root and home folders and even stole some of the goat documents we put in there!,” Kaspersky’s Costin Raiu wrote.

While the variant of SabPub created in February leverages security holes in found in Microsoft Office products, the newer version, developed in March, exploits Java vulnerabilities, similar to Flashback.

“The Java exploits appear to be pretty standard, however, they have been obfuscated using ZelixKlassMaster, a flexible and quite powerful Java obfuscator. This was obviously done in order to avoid detection from anti-malware products,” Raiu explained.

Currently, the APT that’s behind SabPub is active, researchers being confident that new variants will be seen in the upcoming days or weeks.

Unlike MaControl, another backdoor that was making the rounds in February 2012, SabPub is considered to be more effective because it managed to stay undetected for one month and a half.


Blackphone 2 'privacy' Android handset revamped
Security firm Silent Circle has revamped its smartphone that helps people manage personal data.
Chinese smartphones mount massive web attack
More than 650,000 Chinese smartphones have been unwittingly enrolled in a massive attack that overwhelmed a web
Hilton investigates hack claims
The Hilton hotel group has said it is investigating claims its US shops and gift stores may be the source of
Twitter website 'blocked' in Turkey
Twitter users in Turkey report that the social media site has been blocked in the country.


Sign up to received our free newsletter!
E-mail ID:


Views: 5288 Times
Create a realistic folded paper text in Photoshop READ MORE
Views: 2822 Times
Google imagines environment-aware mobile adverts READ MORE
Views: 2838 Times
Spoof newspaper executive tweeter accused of hacking READ MORE
Views: 6467 Times
Motherboard Port Guide: Solving Your Connector Mystery READ MORE
Views: 7385 Times
PHP: Create Your Own MVC (Part 1) READ MORE

Home|IT News|Computer Tips|Video Tutorials|Download Softwares|Subjects|Contact Us
Copyright © 2019. Jumbo Education (Information Technology). All rights reserved.
Free counter and web stats

Large Visitor Globe