Nuevo troyano “más infeccioso que Flashback” afecta a los Mac

A menos de una semana de que Flashback y sus derivados causaran alarma entre los usuarios de Mac OS, Kaspersky anunció la aparición de un nuevo código malicioso para el sistema operativo. Según reportó Mashable, se trata de SabPub, un troyano que también se esparce por medio de un código de Java.

Este nuevo troyano se ‘contagia’ por medio de enlaces que aparecen en correos electrónicos. Cuando el usuario les hace clic, se descarga un programa que, como explica Alex Gostev, experto jefe de seguridad de Kaspersky, “le ofrece a los atacantes acceso total al sistema de la víctima”.

Hasta ahora lo más probable es que no sea una amenaza masiva, pues, según Gostev, “parece que los atacantes tienen una lista extremadamente selecta de víctima, que no es muy amplia. Sin embargo, sí podría llegar a serlo. Mashable dice que la forma en la que se esparce hace que tenga “el potencial de alcanzar muchos más computadores que el troyano Flashback”.

SabPub no es, en realidad, una amenaza nueva. Se trata de la versión más reciente de un troyano que se aprovechaba de una vieja vulnerabilidad de Microsoft Word para Mac para lograr su cometido. Ese ‘hueco’ de seguridad ya había sido solucionado por Microsoft en su momento.

Según Kaspersky, antes de 2012 se habían detectado cerca de 300 variantes de software maligno para Mac, aunque en los últimos tres meses ya van más de 70 amenazas. Como siempre, la recomendación para que su Mac esté protegido es mantener al día las actualizaciones del sistema operativo.

Another Mac Trojan Detected, Potentially Bigger Than the First

Fresh off the news that more than 650,000 Mac computers have been infected with a nasty Trojan horse virus called “Flashback,” another Apple threat is on the prowl.

According to anti-virus software provider Kaspersky Lab, a Trojan called SabPub — or more formally, Backdoor.OSX.SabPub.a — has recently been spreading via Java and could be infecting computers when people open email messages with suspicious links that direct users to malware.

“The Flashback and the SabPub Trojans are totally different,” Alex Gostev, chief security expert of Kaspersky Lab, told Mashable. “SabPub is classic backdoor Trojan, so it opens full access to a victim’s system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people’s search engine results inside their web browsers.”

That said, the latest malware has the potential to reach far more computers than the Flashback Trojan.

“The latest version of the SabPub Trojan can infect more people than previous versions of this malware, which appeared earlier this year,” Gostev said. “In February, SabPub was exploiting a Microsoft Word vulnerability, which was fixed long time ago. The latest version of SabPub uses the Java exploit to spread infection in a more effective way because the Java exploit is delivered via a drive by download, which occurs when people click on URLs with malware via email.”

Gostev also noted that SabPub is also being used to attack specific targets: “It would seem that the attackers have an extremely select list of victims that is not very large.”

Although Mac users may think they are safe from viruses, Kaspersky Lab noted that before 2012 about 300 variants of Mac malware had been detected. Now, however, more than 70 have been detected in the past three months.

SEE ALSO: Find Out if Your Mac Has the Flashback Trojan — the Fast and Easy Way

Last week, Apple released a security patch for Java that prevents the Flashback Trojan — called “Flashfake” — from exploiting the vulnerability to infect computers. Since then, Kaspersky Lab said it has seen a decline in the number of active bots for Flashfake, dropping from more than 650,000 infected computers to just 237,000.

However, the decrease in infected bots does not mean the botnet is on its way out. The numbers represent the active bots connected to Flashfake during the past few days – it is not the equivalent of the exact number of infected machines. Infected computers that were inactive during Easter weekend would not be communicating with Flashfake, which makes them not appear as an infected bot, Kaspersky said.

Gostev advises that all Mac users stay up to date with their Apple software: “We recommend users update their systems immediately with the latest security update from Apple.”