It is now public knowledge that a Russian hacking group known as APT28 was behind the election-season intrusions in the U.S. a few months ago. A research firm has now reported that the same group is also behind a piece of Mac malware discovered recently.
The malware, known as XAgent, is a modular backdoor for the Mac that can be customized for a target; once installed it lets the operators steal iOS backups stored on the Mac, log passwords, and capture screenshots. The research firm behind the finding is Bitdefender.
It should be noted that APT28 is tracked under several other names, including Sofacy, Sednit, Fancy Bear, and Pawn Storm. Bitdefender's analysis found that the XAgent binary embeds the same file path string as Komplex, a Mac trojan previously attributed to Sofacy, which points to both having been built in the same development environment. Bitdefender further reports that Komplex appears to be the downloader used to plant XAgent on infected machines.
An earlier report established that APT28 most likely operates out of Russia: its members use the Russian language, and the group's activity falls within Russian working hours. Its primary targets are said to include Ukraine, Spain, Russia, Romania, the U.S., and Canada. Other reports describe APT28 as closely associated with the Russian government and active since 2007.
Bitdefender wrote in its report: “Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation. For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel.”
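The two kinds of evidence cited above, a build path shared with Komplex and module names shared with the Windows/Linux XAgent, are both artifacts that survive in the binary as plain strings. The following script is an added example (not Bitdefender's tooling and not taken from the samples) of how an analyst triages that overlap: it pulls printable strings out of two blobs the way `strings` does, singles out path-like strings, checks for the module names the report lists, and reports a Jaccard similarity over the whole string sets. The three byte blobs and the `/Users/builder/...` and `C:\Users\dev\...` paths in them are constructed placeholders, not the real samples' contents.

```python
"""String-overlap triage between malware samples (added example, not
Bitdefender's code). Attribution evidence of the kind quoted in the report
(a shared build path, shared module names) shows up as printable strings in
the binary, so a first pass is simply to extract and intersect them."""
import re
from collections import namedtuple

# Runs of printable ASCII of at least MIN_LEN bytes: the same heuristic `strings` uses.
MIN_LEN = 6
_STRING_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# POSIX absolute paths with at least two components, or Windows drive paths
# (a leftover .pdb path is a classic build-environment artifact on Windows).
_PATH_RE = re.compile(
    r"^(?:/(?:[^/\s]+/)+[^/\s]+|[A-Za-z]:\\(?:[^\\\s]+\\)+[^\\\s]+)$"
)

# Module names quoted from Bitdefender's report on the page.
KNOWN_MODULES = {"FileSystem", "KeyLogger", "RemoteShell", "HttpChanel"}

Overlap = namedtuple("Overlap", "shared_paths shared_modules jaccard")


def extract_strings(blob: bytes) -> set:
    """Return the set of printable strings of length >= MIN_LEN found in blob."""
    return {m.group().decode("ascii") for m in _STRING_RE.finditer(blob)}


def path_like(strings) -> set:
    """Keep only strings that look like absolute file paths."""
    return {s for s in strings if _PATH_RE.match(s)}


def modules_in(strings) -> set:
    """Known module names present in any string (they may sit inside class or log names)."""
    return {m for m in KNOWN_MODULES if any(m in s for s in strings)}


def compare(blob_a: bytes, blob_b: bytes) -> Overlap:
    """Intersect the string sets of two blobs and summarise the overlap."""
    sa, sb = extract_strings(blob_a), extract_strings(blob_b)
    shared = sa & sb
    union = sa | sb
    jaccard = len(shared) / len(union) if union else 0.0
    return Overlap(path_like(shared), modules_in(sa) & modules_in(sb), jaccard)


# CONSTRUCTED stand-ins for three samples. The Mach-O magic, the PE "MZ" stub,
# the paths and the filler bytes are invented placeholders, not real sample data.
SAMPLE_KOMPLEX = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 8
    + b"/Users/builder/Projects/komplex/main.m\x00"   # hypothetical build path
    + b"com.apple.updater\x00"
    + b"\x90" * 5
)
SAMPLE_XAGENT_MAC = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 8
    + b"/Users/builder/Projects/komplex/main.m\x00"   # same hypothetical build path
    + b"FileSystem\x00KeyLogger\x00RemoteShell\x00HttpChanel\x00"
    + b"/var/log/system.log\x00"
    + b"\x90" * 5
)
SAMPLE_XAGENT_WIN = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"FileSystem\x00KeyLogger\x00RemoteShell\x00HttpChanel\x00"
    + b"C:\\Users\\dev\\xagent\\build\\agent.pdb\x00"   # hypothetical PDB path
    + b"\x90" * 5
)


def report(name: str, a: bytes, b: bytes) -> None:
    r = compare(a, b)
    print(f"{name}: jaccard={r.jaccard:.2f}")
    print(f"  shared paths:   {sorted(r.shared_paths) or '-'}")
    print(f"  shared modules: {sorted(r.shared_modules) or '-'}")


if __name__ == "__main__":
    report("Komplex vs XAgent (Mac)", SAMPLE_KOMPLEX, SAMPLE_XAGENT_MAC)
    report("XAgent (Mac) vs XAgent (Win)", SAMPLE_XAGENT_MAC, SAMPLE_XAGENT_WIN)
```

On the constructed input the first comparison shares only the build path and the second shares only the four module names, which mirrors the two separate links the report draws (Komplex to the Mac XAgent through the path, the Mac XAgent to the Windows/Linux XAgent through the modules). A shared path or module list is a lead, not proof: strings are trivially copied or planted, so in practice this pass is followed by comparing code, not just text.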
[Via Ars Technica]