Interesting People mailing list archives

'Xagent' malware arrives on Mac, steals passwords, screenshots, iPhone backups


From: "Dave Farber" <dave () farber net>
Date: Wed, 15 Feb 2017 11:24:59 +0000

---------- Forwarded message ---------
From: the keyboard of geoff goodfellow <geoff () iconia com>
Date: Wed, Feb 15, 2017 at 2:42 AM
Subject: 'Xagent' malware arrives on Mac, steals passwords, screenshots, iPhone backups
To: Dave Farber <dave () farber net>, Dewayne Hendricks <dewayne () warpspeed com>, Peter G. Neumann <neumann () csl sri com>
Cc: ip <ip () listbox com>, Michael Grant <mgrant () grant org>, Sam Baker <j.samuel.baker () gmail com>


A Russian hacking group accused of interfering with last year's
presidential election has evolved its Xagent malware package, known for its
ability to infiltrate Windows, iOS, Android and Linux devices, to target
Macs, according to a report on Tuesday.

Uncovered by security research firm and antivirus builder Bitdefender, the Mac
strain <https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/>
of Xagent is similar to its predecessors in that it acts as a modular backdoor
<https://arstechnica.com/security/2017/02/new-mac-malware-pinned-on-same-russian-group-blamed-for-election-hacks/>
for intruders, reports *Ars Technica*.

Once the malware is installed, likely through the Komplex downloader, it
checks for the presence of a debugger. If none is found, Xagent waits for
an internet connection to reach out to command and control servers, which
in turn activate specific payload modules, Bitdefender explains. Since it is
Mac malware, most of its C&C URLs impersonate Apple domains.

The Xagent payload includes modules capable of searching a target Mac's
system configuration, offloading running processes and executing code. More
troubling is the malware's ability to grab desktop screenshots, steal web
browser passwords and offload iPhone backups. The latter capability is
perhaps most important from an intelligence-gathering standpoint,
Bitdefender says.

While an exact lineage has yet to be determined, the security firm believes
APT28 is behind the Mac form of Xagent...

[SNIP]

http://appleinsider.com/articles/17/02/14/xagent-malware-arrives-on-mac-steals-passwords-screenshots-iphone-backups

-- 
Geoff.Goodfellow () iconia com
living as The Truth is True
http://geoff.livejournal.com



