Over the weekend, Kaspersky Lab discovered a new Trojan that infects Apple Mac computers, called SabPub or Backdoor.OSX.SabPub.a, reports Mashable. This new malware discovery comes hot on the heels of the highly publicized Flashback virus, which infected more than 650,000 Mac users at its peak.
SabPub spreads via an exploit in Java, like Flashback. However, Alex Gostev, chief security expert of Kaspersky Lab, told Mashable that the similarities end there.
"The Flashback and the SabPub Trojans are totally different," Gostev said. "SabPub is classic backdoor Trojan, so it opens full access to a victim’s system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people’s search engine results inside their web browsers."
Kaspersky Lab noted that attacks on Mac OS X have increased over time. About 300 variants of Mac malware were detected before 2012, while more than 70 have been detected in just the past three months.
While Apple released a Flashback removal tool several days after that exploit's appearance, users who wish to check for and rid themselves of SabPub don't have to wait for a fix. To remove SabPub from your computer, follow these instructions.
- Navigate to the Library folder within your user account.
- In the LaunchAgents folder, find and remove the file com.apple.PubSabAgent.plist.
- In the Preferences folder, find and remove the file com.apple.PubSabAgent.pfile.
- Log out and log back in to clear the files from the system's memory.
Alternatively, you can simply run the following two commands in the Terminal application:
Again, log out and log back in after removing the files to clear them from the system's memory.