
Mac 'Tibet' malware variant discovered

A new variant of the cyber espionage malware "Tibet" has been found in the wild.

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 17 Sept 2013

A fourth variant of the notorious Mac-focused malware used for stealing data from machines of Tibetan activists, OSX/Tibet.D, has been found in the wild.

Originating in China, the malware was first discovered in March 2012. Its sole purpose is cyber espionage, and it was dubbed "Tibet" as it was found in e-mails specifically targeting Tibetan activists.

According to Intego security researcher Lysa Myers, OSX/Tibet.D has learned some cunning new tricks.

She says the attack arrives via a Java applet on a Web site. "This drops a Java archive with the backdoor and launches it without a user, by way of a Java vulnerability."

Once installed, the malicious code opens a backdoor to the affected computer, which lets the cyber criminals view and access files on the machine, as well as run commands.

The malware uses two recently patched Java vulnerabilities, CVE-2013-2465 and CVE-2013-2471.

Myers advises those who have not patched to do so as soon as possible.
