Hot on the heels of the Flashback malware, Sophos has announced the discovery of a new Mac OS X Trojan, Sabpab, which exploits the same Java vulnerability Flashback used and, just like Flashback, requires no user interaction to be installed.

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a command-and-control server over HTTP and receives instructions from the remote attackers telling it what to do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

The Trojan creates the files

/Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile
/Users/<user>/Library/LaunchAgents/com.apple.PubSabAGent.plist

Encrypted logs are sent back to the control server, so the hackers can monitor activity.
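As an added, defender-side example that is not from the original post or from Sophos: a POSIX shell function that checks every home directory under a given root for the two artefact paths listed above. The root argument is an assumption (it defaults to /Users) so the scan can be pointed at a test tree.

```shell
#!/bin/sh
# Scan macOS user home directories for the Sabpab artefacts named in the post.
# The two relative paths are the ones reported on the page; the home root is
# an assumption (defaults to /Users) so the function can be run against a test tree.

SABPAB_PATHS="Library/Preferences/com.apple.PubSabAgent.pfile
Library/LaunchAgents/com.apple.PubSabAGent.plist"

# scan_sabpab [home_root]
#   Prints "FOUND: <path>" for each artefact present.
#   Returns 0 when nothing was found, 1 when at least one artefact exists,
#   so it can be used directly in a cron job or an if-statement.
#   Note: macOS volumes are case-insensitive by default, so the odd
#   "AGent" capitalisation of the plist does not affect the match there.
scan_sabpab() {
    root="${1:-/Users}"
    hits=0
    for home in "$root"/*; do
        [ -d "$home" ] || continue
        for rel in $SABPAB_PATHS; do
            f="$home/$rel"
            if [ -e "$f" ]; then
                printf 'FOUND: %s\n' "$f"
                hits=$((hits + 1))
            fi
        done
    done
    [ "$hits" -eq 0 ]
}

# Usage: . ./scan_sabpab.sh && scan_sabpab /Users
```

A hit on the LaunchAgents plist means the backdoor is set to start at every login, so removing the files is not enough: unload the agent and rotate any credentials used on the machine.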

The potential for abuse of compromised Macs should be obvious, given the Trojan’s functionality.

Remember, this all comes about because of running Java on a Mac. If you can remove or uninstall Java, then do it. I'd love to see the number of Mac users that have to run Java on their systems, as that would dictate the amount of infection possible.
