Backdoor trojan exploits hole in Mac OS X
A tool to exploit a known security hole in OS X has been developed and shared in a Mac hacker forum. The "Applescript Trojan horse template" employs the root exploit that became public last week. The exploit allows attackers to get administrator rights and use them to set up hidden backdoor and spy functions.
Available functions include keylogging, capturing screenshots, taking pictures with an installed camera, and a web front-end for remote maintenance. A VNC server provides remote access to the entire desktop. Infected computers can be located again and again via dynamic DNS entries once they connect to the Internet.
The tool does not seem to have an active distribution routine, though it can be injected as a classic trojan horse into download packages for regular OS X applications. Apple has yet to provide a patch for this security flaw. There is no indication that this backdoor tool is currently being widely distributed, but that could change at any time now that the tool is publicly available. Vendors such as SecureMac and Trend Micro have already added signatures that detect the Trojan.
See also:
- New Trojan Leverages Unpatched Mac Flaw, Washington Post SecurityFix blog
- AppleScript.THT Trojan Horse, SecureMac security advisory
- Backdoor Busts the Mac Myth, Trend Micro malware blog
- Root exploit for Mac OS X, heise Security news
(mba)