Researchers from security firm Palo Alto have pointed to the Russian hackers behind the hack of the Democratic National Committee (DNC) as the developers of a new Trojan targeting Mac OS X machines in the aerospace industry.
The new malware relies on social engineering first and then exploits a known vulnerability in the MacKeeper security software for OS X, giving the attackers access to the machine and leading to a comprehensive compromise, according to the security researchers’ findings.
The infamous Russian hacking group that is known by a raft of names including Sofacy Group, Fancy Bear and Pawn Storm, among others, is also believed to have hacked into NATO and European organizations across the military sector.
The Trojan, according to the researchers, is capable of downloading additional malicious files to the system, in addition to executing or deleting files on disk. Named the “Komplex Trojan”, the tool has been used in attacks on individuals from the aerospace industry, a blog post read.
The Sofacy group created the Komplex Trojan to use in attack campaigns targeting the OS X operating system – a move that showcases their continued evolution toward multi-platform attacks.
The Trojan shares characteristics with the group’s Carberp malware, another Trojan that frequently compromises PC and OS X systems and that uses the same command-and-control server. This server harvests information such as running processes and user identities from the targeted machine, and the malware also executes commands sent from the server.
The decoy PDF document that the Trojan puts to use describes the Russian Federal Space Program’s projects over the next decade, from 2016 to 2025.
We do not have detailed targeting information regarding the Sofacy group’s attack campaign delivering Komplex at this time; however, based on the contents of the decoy document, we believe that the target is likely associated with the aerospace industry.