Sabpab Trojan: Mac Users Have Another Foe To Look Out For

If you have yet to equip your Mac with Apple's latest Java update to protect it from the Flashback trojan said to infect over 600,000 devices, now might be a good time to do it. Apparently, there's another trojan making rounds on unprotected Macs.

Graham Cluley, a senior technology consultant at computer security firm Sophos explained in an April 13 blog post that this new backdoor trojan, dubbed "Sabpab," connects to a control server using HTTP and follows the orders of hackers who can enter a victim's computer, upload and download files, run commands and take screenshots.

This malware is similar to the Flashback trojan, writes Cluley, in that it doesn't require user interaction to infect a device and it takes advantage of the same vulnerabilities in Java software.

According to Costin Raiu, director of global research and analysis at IT security company Kaspersky Lab, the malware is being spread through Word documents that exploit these Java vulnerabilities. Raiu published his own findings on the trojan, which he calls Backdoor.OSX.SabPub.a.

Raui discovered that there are actually two variants of the trojan in existence -- the earliest version was supposedly created in February, while the more recent one was created in March. As Cult of Mac pointed out, Raiu believes the more recent version of the trojan may have been released as part of the Pro-Tibetan attacks on Mac OSX users that also took place in March and spawned malware like "Luckycat." Raui also notes that the IP address of the website from which hackers are controlling and commanding the trojan was also used in the "Luckycat" malware attacks.

To check if your Mac has been infected with this new trojan, Forbes suggests that users search for these files on their devices:



But whether you're sure your Mac has been hit or not, it's best to be proactive with your Mac's security by keeping its software up to date. You can access Apple's most recent updates by downloading them here or manually updating your software by following these instructions here.

Popular in the Community