According to a new report, the spies have strengthened the Komplex macOS/OS X Trojan so that it not only steals passwords and screenshots, but can also extract iPhone backups. The report comes from the team at Bitdefender Labs, which announced in a blog post yesterday (Feb. 14) that it had found this new sample of Komplex. The tool is commonly attributed to the Sofacy group of Russian military intelligence, also known as APT28, Pawn Storm and Fancy Bear.
Once Komplex lands inside a Mac (previous instances used targeted spear phishing attacks), it sends data back to HQ using a network of command and control servers that impersonate Apple websites. After checking for antivirus software to see if the coast is clear, it spawns infinitely looping communication threads that send system information, desktop screenshots, browser-saved passwords and even locally stored iPhone backups back to its home base.
So what should you do?
Be wary of clicking on links and opening attachments in unsolicited emails, even if they appear to come from friends or co-workers. Install and run Mac antivirus software that scans email attachments. Komplex and similar Trojans can be hidden in any kind of file, including PDFs and images. The average citizen, though, shouldn’t be looking out for this specific attack. This new flavor of Komplex will likely target journalists, politicians, think-tank staffers and military personnel: those with trade secrets that spies are looking to pilfer.