According to researchers from Sophos a new Mac OS X malware has been discovered. The Sabpab Trojan horse just like the notorious Flashback leverages Java vulnerability (CVE-2012-0507) to infect a system.
Experts say that Sabpab is in many ways a basic backdoor. The virus uses HTTP to connect with C&C and allows hackers to do basically what they want. Cybercrooks behind the virus can easily grab whatever data they want and download whatever module they think is appropriate.
The Trojan creates two files in the /Users/<user>/Library/Preferences/ directory. Hackers are able to control and monitor their bots via encrypted logs that are sent to C&C servers on regular basis.
Sabpab is not considered to be as widespread as Flashback but it still indicates the need of protecting Macs against the current threats. Sophos experts point out that even though Apple claims Mac to be a completely protected environment, it’s users might be exposed to different threats and they need to be protected.
“It's time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer” – say experts.
Sophos advisory is accessible here.
