[MacOS] Trojan horse uses MacOS X ARD vulnerability

Last week we reported on the vulnerability in Apple Remote Desktop (read here). Now Brian Krebs of the Washington Post (read here) has found that ready-made scripts are already available on the net.

The scripts are compiled into an exploit tool called “Applescript Trojan Horse Template”. The scripts allow any user to run programs without having legitimate privileges. The template is designed to be bundled with any software. This means that by downloading software from dark places on the net, you may be at risk of a stealthy attack.

After installation, a keystroke logger (keylogger) and a VNC (virtual network computing) server are installed; the VNC server allows attackers to remotely access a victim’s computer. Moreover, a PHP shell gets installed that allows tracking the victim’s computer using dynamic DNS services.

Our recommendation: get yourself a Mac virus scanner as soon as possible. The virus-free time is almost over. Apple is gaining market share and hackers are becoming more and more interested in Mac-based machines…
