New ‘LuckyCat’ Mac Trojan is Spread Via Microsoft Word Documents

There’s a new version of a backdoor trojan in the wild for OS X which spreads via an exploit in Microsoft Word. The “LuckyCat” variant allows a remote user to take over the infected machine.

AppleInsider:

The latest variant of the attack known as “LuckyCat” was discovered and detailed by Costin Raiu, Kaspersky Lab expert. He found that a dummy infected machine was taken over by a remote user who started analyzing the machine and even stole some documents from the Mac.

“We are pretty confident the operation of the bot was done manually — which means a real attacker, who manually checks the infected machines and extracts data from them,” said Raiu in a post on SecureList.

The new Mac-specific trojan, called “Backdoor.OSX.SabPub.a,” infects the targeted machine via a Java exploit. It then spreads through Microsoft Word documents exploiting a vulnerability known as “CVE-2009-0563.”

This new trojan stayed undetected for over a month and a half before it came alive and data was manually obtained from the infected computer.

There are at least two variants of the “SabPub” trojan, which is being classified as an “active attack”.
