Cyber security firm Bitdefender says it has recently uncovered a new type of malware which targets Mac OS X users. The company says the malware, which it has dubbed Xagent, is capable of stealing passwords, taking screenshots and pulling out iPhone backups stored on the machine.
Bitdefender says it still can’t be absolutely certain who is behind the malware, but all evidence points in the direction of the APT28 cybercrime group. The company says this group uses the same dropper/downloader, as well as the same command-and-control URLs. On top of that, Bitdefender says the same artefacts have been hardcoded in the binary files.
“Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation,” Bitdefender said in a blog post.
“For once, there is the presence of similar modules, such as FileSystem, KeyLogger and RemoteShell, as well as a similar network module called HttpChanel.”
The malware contains modules that can scan the infected system for hardware and software configurations, find a list of running processes, as well as run additional files. It can grab desktop screenshots and pull out passwords stored in the browser. Bitdefender's previous research into APT28 is available here.
Photo Credit: andriano.cz/Shutterstock