Home / malwarePDF  

XAgentOSX


First posted on 02 March 2017.
Source: SecurityHome

Aliases :

There are no other names known for XAgentOSX.

Explanation :

Palo Alto Networks discovered a backdoor trojan called XAgentOSX that can take screenshots from, examine files stored on, and log keystrokes sent to a macOS computer. XAgentOSX is said to be made by a group called Sofacy that uses the similarly named XAgent to steal information from Windows PCs.
XAgentOSX appears to be related to Komplex, another trojan that targeted computers running the operating system formerly known as OS X, the company said. Komplex was likely used to install XAgentOSX--which has broader capabilities--by the malware's creators. Palo Alto Networks said it found "a loose connection to the attack campaign that Sofacy waged on the Democratic National Committee based on hosting data in both attacks."

So what information can XAgentOSX gather? Palo Alto Networks said that in addition to keylogging, the trojan can also be used to take screenshots or figure out if a Mac has been used to back up an iOS device.

Palo Alto Networks' report follows reports that malicious software has become more common on Macs. Apple's computers used to have a reputation of being virus-free, at least among general consumers, but the reality was that hackers were better served by targeting more popular Windows devices. Now it seems that some attackers no longer want to participate in the platform wars--they're going to target people who use either operating system.

Last update 02 March 2017

 

TOP