In association with heise online

27 June 2008, 10:18

Backdoor trojan exploits hole in Mac OS X

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A tool to exploit a known security hole in OS X has been developed and shared in a Mac hacker forum. The "Applescript Trojan horse template" employs the root exploit that became public last week. The exploit allows attackers to get administrator rights and use them to set up hidden backdoor and spy functions.

Available functions include keylogging, the creation of screenshots and images with an installed camera, and a web front-end for remote maintenance. A VNC server provides remote access to the entire desktop. Once infected, computers can be found again and again via dynamic DNS entries once they connect to the Internet.

The tool does not seem to have an active distribution routine, though it can be injected as a classic trojan horse in download packages for regular OS X applications. Apple has yet to provide a patch for this security flaw. However there is no indication that this backdoor tool is being widely distributed at the moment, but the situation could change at any moment now the tool is publicly available. Vendors such as SecureMac and Trend Micro have already added signatures that detect the Trojan.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit