September 27, 2016 by LIFARS

Russian DNC Hackers Accused of Developing a Mac OS X Trojan

Researchers from security firm Palo Alto have pointed to the Russian hackers behind the breach of the Democratic National Committee (DNC) as the developers of a new Trojan targeting Mac OS X machines in the aerospace industry.

The new malware relies on social engineering and then exploits a known vulnerability in the MacKeeper utility for OS X, giving the attackers access to the machine for a full compromise, according to the researchers’ findings.

The infamous Russian hacking group, known by a raft of names including Sofacy Group, Fancy Bear and Pawn Storm, is also believed to have hacked into NATO and European organizations in the military sector.

The Trojan, according to the researchers, can download additional malicious files to the system and can execute or delete files on disk. Named the “Komplex Trojan”, the tool has been used in attacks on individuals in the aerospace industry, the researchers wrote in a blog post.

It added:

The Sofacy group created the Komplex Trojan to use in attack campaigns targeting the OS X operating system – a move that showcases their continued evolution toward multi-platform attacks.

The Trojan shares characteristics with the group’s Carberp malware, another Trojan that frequently compromises PC and OS X systems, and uses the same command-and-control server. That server harvests information such as running processes and user identities from the targeted machine, and the malware also executes commands sent from the server.

The researchers also point to a decoy PDF document used by the Trojan; the file describes the Russian Federal Space Program’s projects for the decade from 2016 to 2025.

Researchers added:

We do not have detailed targeting information regarding the Sofacy group’s attack campaign delivering Komplex at this time; however, based on the contents of the decoy document, we believe that the target is likely associated with the aerospace industry.

Image credit: Pexels.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.