A website about the Dalai Lama is hosting attack code that attempts to install spyware on the Macs of those who visit the site.
The backdoor trojan, dubbed Dockster by antivirus providers, can capture keystrokes typed on infected machines. It also provides an interface that allows attackers to download and execute additional malware, according to a brief analysis from F-Secure. Dockster was uploaded to the VirusTotal malware detection service on Friday, presumably by attackers who wanted to see if it was detected by AV services, according to a separate post from competing AV provider Intego.
The exploit uses a now-patched vulnerability in Oracle’s Java software framework, the same Java bug that was used earlier this year to infect hundreds of thousands of Mac machines with malware known as Flashback. An update that patches the hole has since been released, and recent changes in OS X also remove a Java-based plugin from default versions of the operating system. However, users of older installations, or those who have changed default settings, could still be at risk.
Dockster is not the first Mac-based threat to hit those sympathetic to Tibet’s conflict with the Chinese government. Earlier this year, researchers uncovered another piece of malware that targeted pro-Tibetan OS X users.
The exploit has been active since at least November 27th. While the site is also pushing out Windows-based malware, that set of exploits does not appear to work.