A malware agent that fools Mac users into downloading it has been reported by AppleInsider, which writes that the group behind it “evolved its Xagent malware package, known for its ability to infiltrate Windows, iOS, Android and Linux devices, to target Macs, according to a report on Tuesday.” The malware steals passwords and iPhone backups. MacRumors says this malware, “reportedly created by Russian hacking group APT28, has been discovered, and this version targets Mac users.” Ars Technica reports on the hacking group: “APT28, the Russian hacking group tied to last year’s interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs.”

Bitdefender discovered this sophisticated malware and writes in its report, “This modular backdoor with advanced cyber-espionage capabilities is most likely planted on the system via the Komplex downloader.” Wikipedia describes its predecessor: “X Agent or XAgent is a malware program designed to collect and transmit hacked files from iPhones to servers operated by hackers. It employs phishing attacks and the program is designed to ‘hop’ from device to device.” This new version has been fooling Mac users, and you should be wary of downloading anything from an untrusted web site. Apple warns you before you install anything you have downloaded, and that warning on your Mac is the last line of defense: once you download the file and click to install it, it’s all over.

This new report comes just a week after a previous report from AppleInsider, which states, “Today’s development comes less than a week after security researchers discovered a new Mac malware seemingly originating out of Iran. Called ‘MacDownloader,’ the nefarious software attempts to fool users into downloading the package by presenting a fake Adobe Flash Player dialog, then — inexplicably and in this case ironically — another window claiming to be an ‘Adware Removal Tool by Bitdefender.’” CNET reports, “‘APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials,’ the FBI and DHS said in their report. ‘Once APT28 and APT29 [another Russian hacking group] have access to victims, both groups exfiltrate and analyze information to gain intelligence value.’”

So if you are targeted, what can you do to keep this sophisticated malware off your Mac? It is simple: don’t download anything from an untrusted web site. These malicious sites mimic trusted ones, so look carefully at the URL of the site to confirm it is one you trust. Trusted download sources such as the Apple App Store, Adobe, and Microsoft Office for Mac have their own unique URLs; a fake site may look like a trusted one, but its URL is different. If you are not sure, contact us for assistance.