Malware roundup: Tiffany's, Tibetans, iOS are targeted

Upscale retailer and activists attracted pushers of malicious software this week, and an uncommon iOS pest surfaced as well.

Malware writers turned their attention this week to Tiffany's and Tibetan activists, as well as targeting Mac computers and Android phones.

Spam messages claiming to be from upscale retailer Tiffany & Co. began appearing in inboxes this week.

Spotted by security firm Sophos, the text of the messages informs the recipient that they've received a payment from the company and that they need to open an attachment to the message to confirm the payment.

The attachment contains the Mal/BredoZp-B Trojan. The malware will install a backdoor on your computer as well as steal all your user names and passwords.

Malware aims closely

While the Tiffany scam was targeted at a broad audience, a malware program called Win32/Syndicasec.A has a very specific target: Tibetans.

Analyzed by security firm Eset, the malware has an infection radius limited to Nepal and China and has a history dating back to 2010.

Like the Tiffany malware, the Tibetan bad app installs a backdoor on an infected machine, which is used by a miscreant to issue commands to the computer. While Eset couldn't pinpoint the purpose of the malware's pusher, it noted that the threat is similar to other espionage campaigns against Tibetan activists.

Pests target Apple

Meanwhile, security researchers found more samples this week of a spyware program targeting Apple's OS X operating system.

The malware, which has various names including KitM, Kumar, and HackBack, is another backdoor program that captures screenshots of an infected machine and ships them back to a command-and-control server operated by cyber bandits. It also allows them to execute commands on the infected machine.

The latest samples of the malware date back to December 2012 and use a Christmas card dodge to spread, according to security firm F-Secure.

What's alarming about all variants of the malware is that they're signed with a valid Apple Developer ID, which allows them to be trusted by OS X's Gatekeeper security subsystem.

The malware can be thwarted, however, by changing the security settings in OS X to allow only software from the Mac App Store to be installed on your computer.

Attacks on Android

The Android world was also afflicted with a new malware program this week. Called Android.Pincer.2.origin, it was discovered by Russian security firm Dr. Web.

What the Trojan does is intercept SMS messages and forward them to a server operated by byte thieves. Since a growing trend in online authentication is to verify a user's login with a code sent by SMS message to a cell phone, grabbing those messages could be handy for unauthorized access to an account.

If Android users are careful, however, they can avoid the malware. It's spread through a bogus security scam. That means it must be installed manually on an Android device by its owner.

Moreover, The Next Web reports that the malware hasn't been found on Google Play, where most Android users get their apps.

"[I]t appears to be meant for precise attacks, as opposed to being aimed at as many users as possible," The Next Web said.

Copyright © 2013 IDG Communications, Inc.