Mac Backdoor Used in Attacks Against Uighur Activists
A new Mac OS X backdoor is being distributed as part of email-based attacks against Uighur activists, according to security researchers from antivirus firm Kaspersky Lab.
The Uighur are a Turkic ethnic group living primarily in the Tarim Basin in the Xinjiang Uighur Autonomous Region of China. As is the case with Tibet, there is an international activist movement that calls for the independence of this region and an end to alleged human rights violations against Uighurs in China.
An advanced persistent threat (APT) campaign targeting Uighur activists was detected on June 27, Costin Raiu, director of Kaspersky's global research and analysis team, said in a blog post on Friday.
The campaign consisted of rogue emails written in Uighur and accompanied by a ZIP file attachment. The ZIP archive contained a new version of a Mac OS X backdoor called Macontrol that supports both i386 and PowerPC Macs, Raiu said.
Once installed on a Mac computer, the backdoor connects to a command and control server located in China and allows attackers to list and transfer files, as well as execute other commands on the infected machine.
A different version of the same Mac backdoor was used earlier this year in attacks against Tibetan activists, Jaime Blasco a security researcher with security firm AlienVault said in a blog post on Friday.
Other Uighur-themed malicious emails seen recently distributed a Windows remote access trojan (RAT) program that calls back to the same command and control server in China as the Mac backdoor, Blasco said. This Windows RAT was also previously used in attacks against Tibetan activists.
The increasing popularity of Mac computers and their adoption by high profile targets will cause the number of APT attacks targeting the Mac OS X platform to grow, Raiu said. "Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."