Categories: SecurityWorkspace

Mac Trojan Is Cyber Spying Tool, Say Experts

A Mac Trojan aimed at Apple systems is actually a cyber espionage tool that can be bought online from an Italian hacking group, security researchers have claimed.

The malware, which is being sold in competition to tools such as FinSpy, which British firm Gamma International has been accused of selling to repressive regimes in Egypt and Bahrain, has various names – Crisis, Morcut and DaVinci – and operates as a backdoor, providing attackers remote acess to infected systems.

Research from Russian firm Dr. Web noted the Mac Trojan was developed by an Italian organisation called HackingTeam – a claim backed up by F-Secure’s chief research officer Mikko Hypponen – and it comes with rootkit technologies to hide itself.

This is the first time a piece of Mac malware has been seen with rootkit capabilities, Dr. Web said. It can also infect Windows machines and the security firm said a mobile version was known to exist.

For criminals or governments?

“The Trojan saves and transmits information about the infected machine to criminals, acts as a key logger, can take screenshots, and intercept e-mail, ICQ [an instant messaging computer program], Skype messages and data captured by a microphone or video camera connected to a computer,” Dr Web blogged.

“In addition, the backdoor has a large set of tools to bypass anti-virus software and firewalls, so it may run unnoticed in a system for a long time.

“HackingTeam criminals call their brainchild a 21st-century weapon and sell BackDoor.DaVinci.1 as a remote control and espionage solution.”

The HackingTeam claims to work for law enforcement and intelligence communities, not for criminals. It openly advertises its Da Vinci “hacking suite for governmental interception” on its website.

Hypponen said on Twitter that what the HackingTeam were offering was a competitor to the FinSpy software offered by British firm Gamma International, which has been implicated in selling surveillance gear to repressive regimes in Egypt and Bahrain. The UK government is currently being threatened with legal action unless it places tighter controls on the export of technology such as FinSpy.

Trend Micro issued its own post on the malware today, saying it would not run on the latest Mac OS, Mountain Lion, which was released earlier this week. However, its “apparent inability to run on Mountain Lion may be premature, as we know malware creators are capable of ‘updating’ and spawning variants within hours,” Trend said.

“With Mountain Lion’s release, it is likely that we will soon see newer samples, or even a new threat, that will attempt to target Mountain Lion.”

No attacks using the Trojan, which can infect older Mac systems than Mountain Lion, have been seen in the wild.

Many have warned cyber criminals will increasingly target Apple Macs as they grow in popularity. The Flashback Trojan that infected over 600,000 Macs was viewed as a sign of things to come.

Like Internet anonymity? Try our Anonymous quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago