
Possible Russian hacker network may be responsible for new MacOS malware

A particularly virulent form of cyberattack was identified when the Stuxnet malware wreaked havoc at Iran’s nuclear processing facilities. Discovered in 2010, the attack resulted in the creation of a new term, “advanced persistent threat” (APT), to designate a cyberattack that is intended to break into a particular target and work over a long period of time at stealing data or breaking down infrastructure.

But the Stuxnet attack was not the first example of an APT. Another, a hacker network dubbed APT28 and linked by some sources with Russian government or criminal elements, has been at work since 2007 targeting a number of industries and sectors in Ukraine, Spain, Russia, Romania, the U.S., and Canada. Anti-malware software company Bitdefender published a report on APT28 in 2016 and has now provided an update on its Bitdefender Labs blog connecting the group to new MacOS malware.

The specific malware, called Xagent, is cross-platform software that also attacks iOS devices to steal contact and location information, app lists, photos, and more. The MacOS version of Xagent is aimed at harvesting passwords, taking screenshots, and, most importantly, breaking into iPhone backups stored on the Mac to grab the same data as the iOS version.

Bitdefender has now connected the MacOS version of Xagent with APT28: “Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the MacOS binary that currently forms the object of our investigation. For once, there is the presence of similar modules, such as FileSystem, KeyLogger and RemoteShell, as well as a similar network module called HttpChanel.”

In addition, the Xagent sample that Bitdefender’s researchers examined connects to the same command-and-control web address used by APT28. Bitdefender is still conducting its analysis, but at least initially it appears that APT28 operators may now have a new tool — compromised MacOS machines — to use in attacking government agencies, political figures, telecommunications, e-crime services, and aerospace companies.

Mark Coppock