New Mac OS X backdoor Trojan, Sabpab, discovered

By Dot Matrix
in Back Page News

 Share

Recommended Posts

Grand Master

Dot Matrix

Posted
Posted

Hot off the heels of the Flashback malware, Sophos has announced the discovery of a new Mac OSX Trojan, Sabpab, which uses the same Java vulnerability Flashback used, and just like Flashback, doesn't need or require any user interaction to be installed.

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

The Trojan creates the files

/Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile

/Users/<user>/Library/LaunchAgents/com.apple.PubSabAGent.plist

Encrypted logs are sent back to the control server, so the hackers can monitor activity.

The potential for abuse of compromised Macs should be obvious, given the Trojan's functionality.

Source: SOPHOS

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

Apple needs to hand over the maintenance of Java over to its main company. Days of Macs being virus proof are over.

seriously, I can't understand why Apple wants to be in control of when java updates get pushed (aka almost never)
Community Regular

BumbleBritches57

Posted
Posted

The coffee is opening holes in the apple :p

Anyway since they already fixed that Java issue, this trojan won't affect patched systems, right?

Maybe Apple can buy an anti-virus company and create Apple Security Essentials :p

Apples approach to security is light years ahead of Microsoft, Mac OS can require apps to be signed, each app is broken up into separate parts with each part only able to do one thing, like with QuickTime, the Video Decoder, is ONLY allowed read from teh disk and decry pt the content of a video stream. I could go on, but Ars had a great line up in their OS X Lion review.

Community Regular

funkydude

Posted
Posted

Apples approach to security is light years ahead of Microsoft

Don't think I've laughed so hard in a long time, my chest hurts! When it comes to security, the only thing Apple is light years ahead of Microsoft on is denial.

  • 123456789A, resol612 and FarCry3r
  • Like 3
Grand Master

Dot Matrix

Posted
  • Author
Posted

Part of me wishes Steve was still alive to declare war on Java just like he did Flash. :/

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

Grand Master

.Neo

Posted
Posted
Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

Agreed. I hate the fact I get a prompt to install Java when I'm launching Adobe Photoshop the first time. :pinch:

Grand Master

Brandon H Supervisor

Posted
  • Supervisor
Posted

Java needs to go away. I'm sorry to all the Minecraft players out there, but Java needs to die a quick death.

I'm a Minecraft player and even I think Java needs to die
  • Glassed Silver, crispkreme and simsie
  • Like 3
Grand Master

Elliott

Posted
Posted

Best advice I can give is to just keep Java disabled in your browser of choice. It's already disabled by default in Safari on Lion (even if you have Java installed like Adobe has forced me to do).

Grand Master

Argi

Posted
Posted

Apples approach to security is light years ahead of Microsoft, Mac OS can require apps to be signed, each app is broken up into separate parts with each part only able to do one thing, like with QuickTime, the Video Decoder, is ONLY allowed read from teh disk and decry pt the content of a video stream. I could go on, but Ars had a great line up in their OS X Lion review.

I assume you mean the other way around. Microsoft has always had a huge head start on the security front and they've had the infrastructure and teams established within the company to deal with threats for considerably longer. Your example is great, but IE has had protected mode since Vista AND that can be used by any other apps to switch threads or processes to low IL.

Haven't even touched on ASLR, DEP, and other technologies (I have a larger list in a notebook at home).

Windows 8 will bring even more improvements for intra process security and doing the same application signing requirements for Metro apps.

Grand Master

#Michael

Posted
Posted

Apple just released two updates to address this issue and a removal tool for Macs without Java installed.

That's the point I don't understand. Flashback and this new supposed one are Java exploits....so if my Mac doesn't have Java installed how can my machine get infected and thus need this removal tool? Isn't the best defense on this just not to have Java installed along with a good a/v scanner?

Veteran

Unrealistic

Posted
Posted

That's the point I don't understand. Flashback and this new supposed one are Java exploits....so if my Mac doesn't have Java installed how can my machine get infected and thus need this removal tool? Isn't the best defense on this just not to have Java installed along with a good a/v scanner?

Yes.

Grand Master

Glassed Silver

Posted
Posted

I'm glad I upgraded all my Macs to Windows 7 in time.

Yupp.

Zero vulnerabilities. :rolleyes: :laugh:

Glassed Silver:mac

  • .Neo, Aaron Olive and recursive
  • Like 3
Grand Master

123456789A

Posted
Posted

And did you ditch OS X completely ? If so, I don?t understand your point. If anything, your Macs are a couple of times more vulnerable than ever before. It?s your call, man.

I still have OS X but I have no real reason to use it anymore. The question then becomes, why did I get a Mac in the first place? I didn't know Windows 7 was so good. If I did at the time, I would have saved myself some money and built my own PC.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft finally launches WSL Containers in public preview

      By sphbecker · Posted

      I honestly think WSL is one of the coolest things about Windows. The fact that you can type one command and now your computer also runs Linux, without any VM or OS setup is impressive. Yes, it is a VM under the covers, but what is impressive is how seamless and simple it all is.
    • WhatsApp is getting usernames, and you can reserve your preferred one now

      By +Good Bot, Bad Bot · Posted

      You still shouldn’t want a WhatsApp account. You made it this long why would you need one now?
    • Microsoft Edge gets tons of security features, including AI model that can see your screen

      By ad47uk · Posted

      Zen is based on Firefox anbd don't have any A.I at all
    • Microsoft Edge gets tons of security features, including AI model that can see your screen

      By ad47uk · Posted

      I don't use Edge, I don't even use Windows these days as my main driver. Mac these days I use and Zen browser
    • Apple releases iOS 26.5.2 with dozens of security fixes for iPhone

      By Karthik Mudaliar · Posted

      Apple releases iOS 26.5.2 with dozens of security fixes for iPhone by Karthik Mudaliar Apple has released iOS 26.5.2 and iPadOS 26.5.2, which are security-only updates for the iPhone and the iPad. The update brings a bunch of security fixes for WebKit, WebRTC, WebKit Storage, WebKit Canvas, Web Extensions, libxslt, IOGPUFamily, and even the kernel. Some of the WebKit issues that were fixed could have allowed malicious web content to disclose sensitive user information, exfiltrate cross-origin data, crash Safari, or process restricted web content outside the browser sandbox. One notable WebKit Storage bug could let a malicious website to silently hijack clipboard data, according to Apple’s description. Other WebKit-related flaws involved memory corruption, use-after-free bugs, type confusion, out-of-bounds writes, permissions problems, and cross-origin data handling issues. The update also includes three kernel-related fixes. Apple says one of the flaws could let an app write kernel memory or cause unexpected system termination, while another may leak sensitive kernel state, and a third could corrupt kernel memory or terminate the system unexpectedly. Although Apple hasn't described them as remote web attacks, kernel bugs are still important to fix, as they can sometimes be chained with other flaws to escape app or browser restrictions. The updates are available for iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later. Similar security fixes also came with the latest update to macOS Tahoe 26.5.2, which Apple released on the same day. That overlap is not surprising, since Safari, WebKit, WebRTC, and other underlying components are shared across Apple’s platforms. Users are advised to update their devices sooner rather than later as these security fixes are crucial. iOS 26.5.2 can be installed from Settings > General > Software Update. Similarly, Mac users can find macOS Tahoe 26.5.2 through System Settings > General > Software Update.

  • Recent Achievements

    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done
    • One Year In
      BA the Curmudgeon earned a badge
      One Year In
    • Conversation Starter
      rosiecharles earned a badge
      Conversation Starter
    • First Post
      KMilenkoski1202 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      535
    2. 2
      +Edouard
      266
    3. 3
      PsYcHoKiLLa
      149
    4. 4
      Steven P.
      97
    5. 5
      macoman
      61
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!