Mac OS X Trojan is spotted by Kaspersky and Sophos

A TROJAN targeting Mac OS X operating systems has been spotted by anti-virus vendors Kaspersky and Sophos.

Referred to as Backdoor.OSX.SabPub.a by Russian security vendor Kaspersky Lab and named SX/Sabpab-A by anti-virus software developer Sophos, the malware is targeted towards Mac OS X and is in the same vein as the recent Flashback Trojan.

Just like Flashback, the Trojan exploits Java vulnerabilities, requiring no user interaction to infect its unsuspecting victims.

Sophos senior technology consultant Graham Cluley said that the malware was detected a few days ago but probably has been floating around for some time, arriving in such forms as "mal-formed booby-trapped word documents".

He said, "The Trojan is an example of another form of malware that requires no user interaction - users can get it simply by visiting a website and allows a remote hacker to steal data, or install more code."

Cluley affirmed that the Trojan is not as dangerous as Flashback but is "another nail in the coffin that macs can't get viruses".

The Trojan was compiled with debug information, making it easily analysed, but this might also suggest that it will not be the last.

Those wanting to check for infection should look for the following files: /Library/Preferences/com.apple.PubSabAgent.pfile and /Library/LaunchAgents/com.apple.PubSabAGent.plist.

Cluley said that it's probable the malware was made by hackers with agendas against particular organisations. "A particular example would be Chinese hackers attacking Tibet, but it's hard to prove, it could be anyone," he said.

Although the Trojan isn't as dangerous as Flashback, the bad news is that these types of malware are likely to increase as Mac OS X becomes more susceptible to attacks. It also gives Mac users a better reason to protect their systems with anti-virus software. µ