Mac malware, possibly made in Iran, targets US defense industry

The malware has also been found targeting a human rights activist

Just because you’re using a Mac doesn’t mean you’re safe from hackers. That’s what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U.S. defense industry.

The malware, called MacDownloader, was found on a website impersonating the U.S. aerospace firm United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats.

The fake site was previously used in a spear phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed.

Visitors to the site are greeted with a page about free programs and courses for employees of U.S. defense companies Lockheed Martin, Raytheon, and Boeing.

The malware itself can be downloaded from an Adobe Flash installer for a video embedded in the site. The website will provide either Windows or Mac-based malware, depending on the detected operating system.

bait utc Iran Threats

A screenshot of the fake site. 

The MacDownloader malware was designed to profile the victim's computer, and then steal credentials by generating fake system login boxes and harvesting them from Apple's password management system, Keychain.

However, the malware is of shoddy quality and is "potentially a first attempt from an amateur developer," the researchers said.

For instance, once the malware is installed, it'll generate a fake Adobe Flash Player dialog box, only to then announce adware was discovered on the computer that it'll attempt to clean up.

"These dialogues are also rife with basic typos and grammatical errors, indicating that the developer paid little attention to quality control," the researchers said.

In addition, the malware failed to run a script to download additional malicious coding onto the infected Mac.  

But despite the shoddy quality, the malware still managed to evade detection on VirusTotal, which aggregates antivirus scanning engines.

The researchers found other circumstantial evidence that the malware is linked to Iran. An exposed server that the MacDownloader agent uploaded to showed wireless networks called "Jok3r" and "mb_1986." Both of these names have ties to previous Iranian hacking groups, including one known as Flying Kitten, which is suspected of targeting U.S. defense contractors and political dissidents.

In an email, Anderson said a colleague of theirs also observed MacDownloader targeting a human rights activist.

The danger is that many human rights supporters, especially in Iran, are dependent on Apple devices, the researchers said. "While this [malware] is neither sophisticated nor full-featured, its sudden appearance is concerning given the popularity of Apple computers," they wrote in their report.

Mac malware is fairly rare, according to security researchers. That's because hackers tend to attack Windows-based devices, because of their popularity.

However, Mac-based malware is still popping up here and there. Last month, researchers found another kind designed to spy on biomedical research centers. A separate Mac-based Trojan was found months earlier, targeting the aerospace industry. 

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?