The Trojan has been linked to a Russian hacking group which supposedly has the backing of the Russian state.
A Russian hacking group which supposedly has the support of the Russian state, which earlier has been accused of hacking the computers of the Democratic National Committee has now reportedly extended its repertoire.
Researchers from Bitdefender Labs have now obtained a sample of a Trojan, Xagent, that targets Apple’s Mac operating system. The Trojan has now been linked to Russia’s APT28, Strontium or Fancy Bear.
The Trojan not only captures passwords and screenshots but also includes modules that can swipe iOS device backups created by iTunes.
Although encrypting that data is not exactly rocket science, it essentially provides intruders access to snoop on iPhone data without compromising the iPhone itself.
Bitdefender’s researchers zeroed down to it as being a variant of Xagent, since the Mac version shows a “number of similarities” to the one for Linux and Windows.
Furthermore, they linked it to APT28 since the trojan’s command-and-control systems are annoyingly similar to the ones used by APT28.
Although researchers have got their hands on Komplex, how an attack is launched using the tool has yet to be fully worked out by them. What is currently known is that Komplex infects Macs through a vulnerability in MacOS’s antivirus. Researchers have to know figure out what other modules are available for the Trojan and their role is during an attack.
Either way, Mac users are clearly now on the cross hairs of Russian hackers, a discomforting thought.
If you use a Mac, make sure your operating system is fully updated. Run a firewall and update your antivirus. It’s better to be prepared than be a sitting duck for Russian hackers.
Also, spread the word around so that people are aware of the threat.