OH JEEZ, THE SANCTITY OF THE Apple operating system continues to be whittled away at, and now two reasonably fresh backdoors have been revealed by a concerned security company.
Apple backdoors are much prized, just ask the FBI, so to have two in a day should be a thing to celebrate. But only if you like that kind of stuff.
The Malwarebytes blog dishes the dirt on the pair and the threat that they pose to people who use Macs.
One of them is XAgent, which Palo Alto Networks clocked onto in February. It is a nasty business indeed.
"The macOS variant of XAgent has the ability to receive commands from threat actors via its command and control channel, but is also capable of logging keystrokes via its keylogger functionality," said Palo Alto about the trojan threat.
"XAgent uses HTTP requests to communicate with its C2 servers, which allows the threat actor to interact with the compromised system."
The next threat joins the RAT family of trojans. The remote access tool (RAT) called Proton, ProtonRat, or OSX.Proton.A, was also uncovered some days ago.
Malwarebytes says that the exploit was being sold on Russian forums, which is probably the first place that we would have looked for it.
This one even has a video to promote it (below). That video was uploaded in February and shows off the customisable features of the pain package. Malwarebytes, which may have a confusing new calendar, is shocked by the discovery of two threats in a week and concedes that they are not quite as threatening as they seem.
It revealed that the command and control servers for XAgent are offline, and that the promotional video for the Proton one hasn't had the desired effect.
"Unfortunately, thus far, no samples of the malware have been found. It does not appear to be in the VirusTotal database, and neither of the sites that appear to be associated with Proton (ptn[dot]is or protonsolutions[dot]net) are responding," it said of the latter.
"For now, this is a completely unknown threat with rather frightening apparent capabilities."
We'll stay cool for now, but cheers yo. µ