Right after security engineers the world over high-fived themselves for stomping out the Flashback Trojan, which menaced more than 650,000 Mac users, a new menace rears its ugly head -- and this one is potentially even larger.
Anti-virus security firm Kaspersky Lab spotted a second Mac Trojan in the wild, this one formally known as Backdoor.OSX.SabPub.a (or "SabPub" for short).
Like the Flashback Trojan, SabPub also slips onto a Mac by way of Java, infecting computers when a specific link is clicked in an email.
SabPub has specific targets
"The Flashback and the SabPub Trojans are totally different," explains Alex Gostev, Kaspersky's chief security expert.
"SabPub is classic backdoor Trojan, so it opens full access to a victim's system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people's search engine results inside their web browsers."
There is one bit of good news: SabPub appears to be trained on specific targets rather than the unsuspecting public at large.
"It would seem that the attackers have an extremely select list of victims that is not very large," Gostev reveals.
It only takes one click
As it turns out, SabPub has been spotted before as a vulnerability in Microsoft Word that has long since been squashed.
The version Kaspersky identified now is using Java -- which the recent Flashback also took advantage of -- but in a completely different way.
"The latest version of SabPub uses the Java exploit to spread infection in a more effective way because the Java exploit is delivered via a drive by download, which occurs when people click on URLs with malware via email," Gostev concludes.
Kaspersky's security expert advises Mac users to keep updated with the latest patches from Apple as a deterrent against malware such as SabPub.
Last week, the company issued a Java update to stomp out Flashback, and will likely do the same in the near future for SabPub as well.
Via: Mashable
