Now that Flashback has officially been dealt with (for now), it appears that another trojan is in town to make Macs quiver with fear. “LuckyCat” is a backdoor SabPub trojan that also exploits a Java vulnerability, but this time through Microsoft Word. It scurries in through a hole in Word, CVE-2009-0563, that lets malware spread via documents crafted to exploit it.
“This new threat is a custom OS X backdoor, which appears to have been designed for use in targeted attacks,” says Costin Raiu, a lab expert from security company Kaspersky. “The backdoor contains functionality to make screenshots of the user’s current session and execute commands on the infected machine.”
Kaspersky — which traced the trojan back to a website controlled from Fremont, CA — suspects LuckyCat is intended as a cyber weapon in world politics. It seems it may have been deployed to target pro-Tibetan organizations. According to another security company, FireEye, Tibetan activists are hit with even more attacks than the U.S. government.
Even so, it doesn’t mean everyday users aren’t vulnerable too. And as of yet, there is no user-friendly diagnostic tool or solution to combat LuckyCat. But now that this has gone public, you can bet that an MS Office for Mac software patch will be forthcoming.
For the step-by-step geekery on how Kaspersky pinpointed LuckyCat, hit up the source link.
The days of Macs living in relative safety are decidedly over. If you’re an OS X user, you should definitely get yourself some anti-malware protection. Whether it helps in this specific instance or not, one thing’s practically guaranteed — as Apple products grow in popularity, more attacks are sure to come.