Unix and macOS malware

In our search for various types of malicious code for Mac we recently came across a rather interesting peculiarity in Safari. It turns out that Safari for Mac OS, like many other contemporary browsers, can restore the previous browsing session. In other words, all the sites that were open in the previous session – even

Over the last few months we have seen a series of very similar targeted attacks being blocked in our Linux Mail Security Product.

In partnership with researchers at AlienVault Labs, we ve analysed a series of targeted attacks against Uyghur Mac OS X users which took place during the past months.

Yesterday, Jens ‘atom’ Steube, which most people know as the author of ‘hashcat’ – a GPU accelerated password recovery tool, released his Gauss cracker as open source software under a GPL license

This section of the report forms part of the Kaspersky Security Bulletin 2012 and is based on data obtained and processed using Kaspersky Security Network (KSN).

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

A few days ago, an interesting piece of Linux malware came up on the Full Disclosure mailing-list. It’s an outstanding sample, not only because it targets 64-bit Linux platforms and uses advanced techniques to hide itself, but primarily because of the unusual functionality of infecting the websites hosted on attacked HTTP server – and therefore working as a part of drive-by download scenario.

According to KSN data, Kaspersky Lab products detected and neutralized over 1 billion threats in Q2 2012.

This sample named Backdoor.OSX.Morcut was distributed using social engineering techniques via a JAR file with the name AdobeFlashPlayer.jar and allegedly signed by VeriSign Inc.

On July 3rd, we’ve noticed a new APT campaign entitled “Dalai Lama’s birthday on July 6 to be low-key affair”

Two days ago we intercepted a new APT campaign using a new MacOS X backdoor variant targeted at Uyghur activists. The application is actually a new, mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs.

According to KSN data, Kaspersky Lab products detected and neutralized almost 1 billion malicious objects in Q1 2012.

The following statistics were compiled in April using data collected from computers running Kaspersky Lab products

In 2011, Apple was estimated to account for over 5% of worldwide desktop/laptop market share. This barrier was a significant one to break – Linux maintains under 2% market share and Google ChromeOS even less.

Flashback/Flashfake is a family of malware for Mac OS X.