A new development of 2012, targeted attacks (APTs) against human rights now often include malware specifically designed to compromise Macs. Mac users have long thought they’re safe, for a variety of reasons including: “nobody ever targets us” (not anymore!), “Macs are based on Unix so have additional security” (not if new vulnerabilities are found, or you choose to run the program), and “we’re not using Internet Explorer or Outlook so most threats don’t work” (other software can be just as buggy).
One region in particular has started using malware “bundles” that detect the target’s operating system and serve up the appropriate program to compromise computers within NGOs and other human rights organizations. This is a relatively new development, with names starting to become more familiar: e.g. SabPab (related to the known LuckyCat campaign), Lamadai, and MacControl. This also coincided with the rise of the Flashback botnet – a Mac-specific botnet believed to at one point be over 600,000 strong. In this talk we’ll look at targeted Mac malware, observe similarities and differences to “conventional” targeted attacks, and go over some end-of-year thoughts as to where Mac malware may be going next.