6/25/2008
08:32 AM

Another Security Threat Aimed At Macs Found On The Web

Security vendor Intego said the latest malware masquerading as a program for Mac OS X is called "PokerGame."

Another Trojan targeting the Mac has been found on the Web, as the number of malicious applications increases with the growing popularity of Apple computers.

Security vendor Intego discovered the latest malware masquerading as a program for Mac OS X called "PokerGame." The application is a script wrapped in an executable bundle that's distributed by e-mail as a Zip file.
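A triage check for the packaging described above (a script wrapped in an application bundle inside a Zip file), as an added example that is not from Intego or the original article. The bundle names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Matches a file that sits directly in an app bundle's executable directory.
BUNDLE_EXEC = re.compile(r"(?:^|/)([^/]+\.app)/Contents/MacOS/([^/]+)$")


def script_bundles(zip_bytes):
    """Return (bundle, executable, interpreter) for bundle executables that are scripts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            m = BUNDLE_EXEC.search(info.filename)
            if not m or info.is_dir():
                continue
            # Only the first bytes are needed to tell a script from a binary.
            with zf.open(info) as fh:
                head = fh.read(128)
            if head.startswith(b"#!"):
                interp = head[2:].split(b"\n", 1)[0].strip().decode("ascii", "replace")
                findings.append((m.group(1), m.group(2), interp))
    return findings


def build_sample():
    """Constructed archive: one script-backed bundle, one with a Mach-O header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Sample.app/Contents/Info.plist", "<plist/>")
        zf.writestr("Sample.app/Contents/MacOS/Sample", "#!/bin/sh\necho constructed\n")
        # 64-bit Mach-O magic (little-endian) followed by padding.
        zf.writestr("Native.app/Contents/MacOS/Native", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    return buf.getvalue()


if __name__ == "__main__":
    for bundle, exe, interp in script_bundles(build_sample()):
        print(f"{bundle}: executable {exe!r} is a script run by {interp}")
```

Some legitimate applications also use script launchers, so a hit is a reason to inspect an e-mailed attachment more closely rather than a verdict.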

When opened, the "PokerStealer Trojan" asks the victim for his administrator's password. If it's given, the program then opens a secure shell, or SSH, on the Mac to establish communications with a remote server, Intego said. SSH is a network protocol that allows data to be exchanged using a secure channel between two computers.

Once communications between the infected computer and server have been established, the Trojan sends the user name and password, along with the IP address of the Mac. After gaining access to the computer, hackers can attempt to take control of it, delete files, damage the operating system, or perform other tasks.

Intego first reported the Trojan on Friday, a day after security vendor SecureMac reported finding multiple variants of a Trojan also capable of letting a hacker remotely commandeer a Mac.

The malicious code was being distributed from a hacker Web site, where there had been discussions on distributing the Trojan through iChat and LimeWire, said SecureMac, which gave the Trojan a "critical" security rating. The program can infect Mac OS X 10.4 and 10.5 machines.

A Trojan is a program that appears legitimate, but performs illicit activity when it is run, such as stealing passwords, making the system more vulnerable to future entry, or simply destroying programs or data on the hard disk. LimeWire is a popular peer-to-peer file-sharing program, and iChat is Apple's instant messaging client.
