This new backdoor is a reminder that the idea that Macs are safe from malware is, indeed, a myth.
This malware, detected by Trend Micro as BKDR_HOVDY.A, exploits a vulnerability in a component of Apple Remote Desktop to run hidden on an affected system and to let a remote malicious user escalate privileges to root. The backdoor can also perform the following functions, giving remote users complete remote control over an affected system:
- Add a hidden admin user
- Collect user account information on the affected system and send it to a remote user
- Open ports in the firewall and turn off system logging
- Enable personal Web sharing and open Web sharing ports in the firewall
- Install and execute LogKext for its keylogging routine
- Disable update-checking for the current user
- Take pictures with the built-in Apple iSight camera and capture screenshots
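One practical check that follows from the first item in the list, added here as an example (it is not part of the original post and not Trend Micro's own tooling): on Mac OS X of this era, accounts with a UID below 500 are hidden from the login window by default, so a "hidden admin user" is usually a low-UID account that has been added to the admin group. The script below parses the output of two `dscl` commands and flags admin members that are hidden but are not known system accounts. The sample `dscl` output and the account names in it are constructed for illustration, and the allow-list of legitimate system accounts is an assumption you would tune to your own baseline.

```python
"""Flag hidden administrator accounts on Mac OS X from dscl output.

Parses the output of:
    dscl . -list /Users UniqueID
    dscl . -read /Groups/admin GroupMembership
and reports admin-group members whose UID is below the login-window
hiding threshold (500) and that are not recognised system accounts.
"""
import re
import subprocess

# UIDs below this value are hidden from the login window by default.
HIDE_BELOW_UID = 500

# Assumption: illustrative allow-list of built-in accounts that legitimately
# have a low UID and admin membership. Tune it to the baseline you audit.
KNOWN_SYSTEM_ACCOUNTS = {"root"}


def parse_users(listing):
    """Turn `dscl . -list /Users UniqueID` output into {name: uid}."""
    users = {}
    for line in listing.splitlines():
        parts = line.split()
        # Each record is "<name> <uid>"; UIDs may be negative (e.g. nobody = -2).
        if len(parts) != 2 or not parts[1].lstrip("-").isdigit():
            continue
        users[parts[0]] = int(parts[1])
    return users


def parse_admin_members(record):
    """Turn `dscl . -read /Groups/admin GroupMembership` output into a set."""
    m = re.search(r"^GroupMembership:\s*(.*)$", record, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def hidden_admins(users, admins, hide_below=HIDE_BELOW_UID):
    """Return [(name, uid)] for admin members that are hidden and not
    system accounts (Apple's service accounts start with '_')."""
    suspicious = []
    for name in sorted(admins):
        uid = users.get(name)
        if uid is None:
            continue  # member without a local user record; out of scope here
        if (uid < hide_below
                and not name.startswith("_")
                and name not in KNOWN_SYSTEM_ACCOUNTS):
            suspicious.append((name, uid))
    return suspicious


def audit(user_listing, admin_record):
    """Run the check over captured dscl output."""
    return hidden_admins(parse_users(user_listing),
                         parse_admin_members(admin_record))


def audit_live():
    """Run the two dscl queries on the local machine (Mac OS X only)."""
    users = subprocess.run(["dscl", ".", "-list", "/Users", "UniqueID"],
                           capture_output=True, text=True, check=True).stdout
    admins = subprocess.run(["dscl", ".", "-read", "/Groups/admin",
                             "GroupMembership"],
                            capture_output=True, text=True, check=True).stdout
    return hidden_admins(parse_users(users), parse_admin_members(admins))


# Constructed sample output: one ordinary admin (alice, UID 501) and one
# hidden admin (svc, UID 499) planted alongside normal system accounts.
SAMPLE_USERS = """\
_amavisd        83
_appserver      79
daemon          1
nobody          -2
root            0
alice           501
bob             502
svc             499
"""
SAMPLE_ADMIN = "GroupMembership: root alice svc\n"

if __name__ == "__main__":
    for name, uid in audit(SAMPLE_USERS, SAMPLE_ADMIN):
        print(f"hidden admin account: {name} (uid {uid})")
```

On a live system, `audit_live()` runs the same two queries; anything it reports should be compared against the machine's known build baseline before being treated as a compromise, since some management tools also create low-UID administrative accounts.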
According to a Washington Post blog entry, this malware was developed by a group of hackers who named their code the AppleScript Trojan horse template. The malware writers discussed the code in a user forum on the Web site Macshadows.com, where talk of distributing the malware through peer-to-peer applications was also seen, as SecureMac reports. All content from that forum has since been removed.
Upon installation, the backdoor attempts to exploit two vulnerabilities in Mac OS X so that it can install itself without the user's consent. Interestingly, one of the two is a recently reported bug that has not yet been patched, while the other is quite old and has been patched by Apple since 2006. This suggests that malware authors are counting on both new and old bugs to get their malicious programs onto user systems: a fix that has been available for two years only protects the machines that actually applied it.
The same Washington Post report also carried comments from someone said to be one of the authors of the backdoor. He told the Post that although Apple declares OS X to be secure, the company fails to confirm that statement itself, so users like him are left to find out for themselves whether it is true.
Users are advised to install critical patches as soon as Apple releases them. Because one of the two bugs this backdoor exploits is still unpatched, patching alone is not enough: as always, caution in downloading files is what keeps malware off a system in the first place.