Risk
6/25/2008
08:32 AM
50%
50%

Another Security Threat Aimed At Macs Found On The Web

Security vendor Intego said the latest malware masquerading as a program for Mac OS X is called "PokerGame."

Another Trojan targeting the Mac has been found on the Web, as the number of malicious applications increases with the growing popularity of Apple computers.

Security vendor Intego discovered the latest malware masquerading as a program for Mac OS X called "PokerGame." The application is a script wrapped in an executable bundle that's distributed by e-mail as a Zip file.

When opened, the "PokerStealer Trojan" asks the victim for his administrator's password. If it's given, the program then opens a secure shell, or SSH, on the Mac to establish communications with a remote server, Intego said. SSH is a network protocol that allows data to be exchanged using a secure channel between two computers.

Once communications between the infected computer and server have been established, the Trojan sends the user name and password, along with the IP address of the Mac. After gaining access to the computer, hackers can attempt to take control of them, delete files, damage the operating system, or perform other tasks.

Intego first reported the Trojan on Friday, a day after security vendor SecureMac reported finding multiple variants of a Trojan also capable of letting a hacker remotely commandeer a Mac.

The malicious code was being distributed from a hacker Web site, where there had been discussions on distributing the Trojan through iChat and LimeWire, said SecureMac, which gave the Trojan a "critical" security rating. The program can infect Mac OS X 10.4 and 10.5 machines.

A Trojan is a program that appears legitimate, but performs illicit activity when it is run, such as stealing passwords, making the system more vulnerable to future entry, or simply destroying programs or data on the hard disk. LimeWire is a popular peer-to-peer file-sharing program, and iChat is Apple's instant messaging client.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.