Koobface turns eyes towards Macs
A version of the Koobface worm, which uses social networks to spread, has been discovered targeting Macs.
A Mac version of the infamous Koobface worm has been discovered for the first time.
The malware propagates via social networks like Facebook and Twitter, and once installed via a Trojan horse, it implants a rootkit, a backdoor as well as a command and control centre.
Intego's Virus Monitoring Centre had been tracking the Mac version of the worm but did not feel compelled to issue a release about it given the low risk it posed.
The security firm has discovered a number of infections in the wild, although they have not caused any noticeable damage.
"Either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files," Intego said.
"While this is an especially malicious piece of malware, the current Mac OS X implementation is flawed and the threat is therefore low."
Koobface attackers use social engineering tricks to get users to click on a link, which will direct the target to a malicious website that will then try to load a Java applet.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
This will bring up a standard Mac OS X Java security alert and if the user clicks Allow' the applet will run and try to download files from one or more remote servers.
"If files are downloaded, they are stored in an invisible folder (.jnana) in the current user's home folder," Intego explained.
"These files include elements designed to infect Mac OS X, Windows and Linux. The Java applet should also download an installer that will then launch and attempt to install the malware."
Koobface was first spotted in 2008, using subject headers such as "You look just awesome in this new movie," to lure users in.
Earlier this year, it emerged Koobface attackers were tracking the success of their fake YouTube pages.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.