Sabpab Mac OS X Trojan discovered
New Trojan exploits same Java vulnerability as Flashback
By Ben Camm-Jones | Macworld UK | Published: 09:40, 16 April 2012
A new Trojan targeting Mac OS X by exploiting a Java vulnerability has been spotted in the wild.
Discoverd on Friday 13 April, the new Sabpab Trojan uses the same vulnerability in the OS X's Java plug-in to infect Macs, warns security firm Sophos.
It also doesn't require any user interaction to infect a system either - just like Flashback - all that needs to happen is for you to visit an infected webpage.
Related Articles on Techworld
"The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely," said Graham Cluley, senior technology consultant at Sophos.
If you have updated Java on your Mac then you will be protected from the new threat, and most Mac anti-virus software will protect against Sabpab as well. Sales of security software for Mac apparently jumped after the discovery of the Flashback Trojan earlier this month.
Flashback was estimated to have infected more than half a million Macs worldwide and even managed to infect some systems in Cupertino, according to some reports, though this was never officially admitted by Apple.
However, Apple did come under fire for 'dragging its feet' as the vulnerability in Java that it exploits had been known of for more than six weeks before Flashback was discovered.
Apple has released a Flashback removal tool, though it will only work on the most common variants of the Trojan. Several security firms have also issued a tool to remove Flashback from Macs, though Kaspersky Lab was forced to withdraw its tool after it was found to be erasing user settings.