
EssentialMac | April 16, 2014


A New Mac OS X backdoor Trojan, Sabpab, discovered

Mark
  • On 14/04/2012
  • http://Essentialmac.co.uk

Hot on the heels of the Flashback malware, Sophos has announced the discovery of a new Mac OS X Trojan, Sabpab, which uses the same Java vulnerability Flashback used and, just like Flashback, doesn’t require any user interaction to be installed.

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

The Trojan creates the files:

/Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile
/Users/<user>/Library/LaunchAgents/com.apple.PubSabAGent.plist
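
To check a Mac for the two files listed above, here is an added example (not from the original article or from Sophos): a shell function that looks under every home directory for those two names, matching case-insensitively because the two listed names differ in capitalisation. The names `check_dir` and `scan_sabpab`, the `--scan` switch and the default `/Users` root are assumptions of this example.

```shell
#!/bin/sh
# Added example: search each home directory for the two Sabpab files
# named in the article. Run as root to read other users' Library folders;
# unreadable directories are skipped silently.

# check_dir HOME RELDIR FILENAME
# Prints any regular file in HOME/RELDIR whose name matches FILENAME,
# ignoring case (-iname), so a case-sensitive volume is covered too.
check_dir() {
    [ -d "$1/$2" ] || return 0
    find "$1/$2" -maxdepth 1 -type f -iname "$3" 2>/dev/null
}

# scan_sabpab [USERS_ROOT]
# Prints one path per artefact found.
# Returns 0 when nothing is found, 1 when at least one file is present.
scan_sabpab() {
    root=${1:-/Users}
    hits=$(
        for home in "$root"/*; do
            [ -d "$home" ] || continue
            # File names exactly as given in the article.
            check_dir "$home" Library/Preferences  com.apple.PubSabAgent.pfile
            check_dir "$home" Library/LaunchAgents com.apple.PubSabAGent.plist
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Stand-alone use: sh sabpab_check.sh --scan [USERS_ROOT]
if [ "${1:-}" = "--scan" ]; then
    if scan_sabpab "${2:-/Users}"; then
        echo "No Sabpab files found."
    else
        echo "Sabpab files found (listed above)."
    fi
fi
```

A clean result only means these two file names are absent; it says nothing about other malware or renamed copies.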

Encrypted logs are sent back to the control server, so the hackers can monitor activity.

The potential for abuse of compromised Macs should be obvious, given the Trojan’s functionality.

Remember this all comes about because of running Java on a Mac. If you can remove or uninstall Java, then do it. I’d love to see the number of Mac users that have to run Java on their systems, as that would dictate the amount of infection possible.
