• United States



by Ben Camm-Jones

New Mac OS X Trojan discovered

Apr 15, 20122 mins
AppleApplication SecurityCybercrime

Sabpab exploits same Java vulnerability as Flashback

Mac users should make sure they have applied Apple’s latest Java update and installed anti-virus software after a new Trojan targeting OS X was spotted in the wild.

Ironically discovered on Friday 13th, the new Trojan – Sabpab – uses the same vulnerability in the OS X’s Java plug-in to infect Macs, warns security firm Sophos.

It also doesn’t require any user interaction to infect a system either – just like Flashback – all that needs to happen is for you to visit an infected webpage.

“The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely,” said Graham Cluley, senior technology consultant at Sophos.

If you have updated Java on your Mac then you will be protected from the new threat, and most Mac anti-virus software will protect against Sabpab as well. Sales of security software for Mac apparently jumped after the discovery of the Flashback Trojan earlier this month.

Flashback was estimated to have infected more than half a million Macs worldwide and even managed to infect some systems in Cupertino, according to some reports, though this was never officially admitted by Apple.

Opinion: You are the biggest security risk to your Mac

However, Apple did come under fire for ‘dragging its feet’ as the vulnerability in Java that it exploits had been known of for more than six weeks before Flashback was discovered.

Apple has released a Flashback removal tool, though it will only work on the most common variants of the Trojan. Several security firms have also issued a tool to remove Flashback from Macs, though Kaspersky Lab was forced to withdraw its tool after it was found to be erasing user settings.