Security researchers from Kaspersky have found a new piece of malware that currently targets Mac OS X users. It’s called OSX.SabPub and it’s a backdoor Trojan that’s connected to the advanced persistent threat (APT) attacks known as Luckycat.
According to experts, currently there are at least two variants of SabPub, one of them being created sometime in February 2012.
Distributed in spear-phishing attacks and hiding as Microsoft document files, it’s believed that the piece of malware is designed to target Tibetan activists.
After performing a series of tests using a decoy system, Kaspersky Lab experts have been able to determine that the bot’s command and control (C&C) server was hosted on a VPS in Freemont, United States.
The cybercriminals that run the campaign have manually checked the “goat” system in an attempt to extract sensitive information from it.
