Topic: Uyghur human rights activists Attacked by Mac Trojan (Backdoor OSX MaControl-B)

[Samker]

Security researchers have intercepted a Mac-based Trojan attack targeting Uyghur human rights activists: http://www.uhrp.org/

The Uyghur are a minority ethnic group that live in Eastern and Central Asia, mostly (but not exclusively) within the geographical borders of China. A run of infected emails sent to Uyghur activists, and intercepted by security researchers at Kaspersky Lab, featured an attached ZIP file, containing a jpg photo and a "MacOS X app".

"The application is actually a new, mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs," writes Costin Raiu, director of Kaspersky Lab's global research & analysis team, in a blog post: https://www.securelist.com/en/blog/blog?weblogid=208193616
The Russian firm detects the malware as Backdoor OSX MaControl-B.

If executed, the malicious application opens a backdoor on compromised Mac computers, periodically querying a command and control server for instructions. This command and control server is located in China.

Human rights activists as well as high-tech firms, government agencies and military contractors have all been targeted for cyber-spying attacks over recent years. Most of these attacks are ultimately aimed at compromising Windows boxes on targeted networks but Mac machines are far from immune from assault. For example, security tools biz AlienVault warned of booby-trapped Microsoft Office designed to infect Macs and targeted against Tibetan activists back in April.

In other malware infecting human right site news. AlienVault’s research team warned on Friday that a large human rights web portal that has been compromised and is serving up malware to site visitors. The ASEAN site* has been hacked to expose visiting surfers to attacks based on a Windows XML Core zero-day vulnerability, AlienVault warns: http://labs.alienvault.com/labs/index.php/2012/thailand-ngo-site-hacked-and-serving-malware , referencing an advisory on the attack vector by Sophos published earlier last week: http://nakedsecurity.sophos.com/2012/06/19/unpatched-microsoft-security-vulnerability-exploited

(ElReg)

*More specifically a Thailand NGO portal related to ASEAN (Association of Southeast Asian Nations) human rights.