SecureMac, Inc.

Russian Hackers Target OS X with New Trojan

October 12, 2016

Mac users who haven’t yet updated from OS X El Capitan to the brand new macOS Sierra might want to make doing so a priority. According to security site Dark Reading, there is a new Trojan out in the wild that is targeting OS X. Any machine running any version of the OS X operating system could be vulnerable to the threat.

The initial discovery of the Trojan was by a Palo Alto Networks research team, who codenamed the threat “Komplex.” The researchers said that the Trojan is the work of Fancy Bear, a Russian cyber espionage and hacking group. Fancy Bear has made American headlines frequently this year, hacking and leaking emails from the Democratic National Committee and former Secretary of State Colin Powell. Fancy Bear is also known as the Sofacy Group.

So far, attackers have placed Komplex onto victims’ machines by way of a phishing email. The Trojan comes disguised as a file that purports to be a PDF. The Palo Alto Networks report on the Trojan says that the download contains multiple “binders,” one of which opens a decoy document using the Mac Preview application. The document is related to the Russian Space Program, which is why this particular attack is believed to be targeting someone in the aerospace agency.

The decoy document is only there to assuage any suspicion that the user might have about the PDF download. The true goal of the download is code execution, which starts as soon as the user opens the downloaded file. The executable installs a payload on the system, which then checks for an Internet connection that it can use to communicate back to a server. The Trojan can send back an array of information, including system version, username, and process list. It can also download new files to the Mac computer, open existing files, or delete files.

In the past, the Sofacy Group has mainly targeted Windows machines. It was through Windows hacks, for instance, that the group got hold of political emails this year. Palo Alto Networks went as far as to call the Komplex Trojan the first time that Fancy Bear has gone after a Mac operating system. According to the Dark Reading report, however, another security firm, CrowdStrike, said that Fancy Bear had created tools to attack OS X in the past.

In any case, Komplex is a major security threat against the OS X operating system. It would be a good idea to follow breaking developments on this Trojan and its perceived targets. In the meantime, update your machine to macOS Sierra to keep yourself protected.