New Mac espionage trojan targets Dalai Lama supporters

A website related to the Dalai Lama is hosting attack code that attempts to surreptitiously install OS X-based spy software on the Macs of people who visit.

The backdoor trojan, dubbed Dockster by antivirus providers, has the ability to capture the keystrokes of infected machines. It also provides an interface that allows attackers to download and execute additional malware, according to this brief analysis from F-Secure. Dockster was uploaded to the VirusTotal malware detection service on Friday, presumably by attackers who wanted to see if it was detected by AV services, according to a separate post from competing AV provider Intego.

The drive-by attacks exploit a now-patched vulnerability in Oracle's Java software framework. CVE-2012-0507 is the same Java bug used earlier this year to infect more than 500,000 Mac users with malware known as Flashback. Oracle has since released an update that patches the hole, and recent changes introduced by Apple also remove a Java-based plugin from default versions of OS X. But users who are using older installations or have changed default settings could still be susceptible.

Read 2 remaining paragraphs | Comments