Sunday 19 March 2017, Security Guide

APT28 hacking group turns its attention to Apple MacOS users

Lost24

The Russian group of hackers known as APT28 is targeting MacOS users with a new variant of the X-Agent spyware, which has previously attacked other popular operating systems.


According to security researchers from Bitdefender Labs, the malware is capable of stealing passwords, taking screenshots, exfiltrating iPhone backups stored on the device, detecting system configurations, and creating a “backdoor” for other malicious software.


"Once successfully installed, the backdoor checks if a debugger is attached to the process. If it detects one, it terminates itself to prevent execution. Otherwise, it waits for an Internet connection before initiating communication with the C&C (control and command) servers. After the communication has been established, the payload starts the modules," Bitdefender explains.


The experts are not entirely sure how the virus is being spread. However, they believe that a trojan called Komplex, another creation of the APT28 group, is to blame.

The APT28 group is known to conduct series of cyberattacks involving the infiltration of government and military servers. Most recently, the same group has been accused of hacking into the U.S. Democratic National Committee's email server and interfering with last year's U.S. presidential election.


MacOS users hoping to prevent infection should download software only from trusted web sites like the Apple App Store, Adobe or Microsoft Office for Mac. It is also wise to install security software that can detect the X-Agent and Komplex malware, such as Bitdefender products.