Security researchers Claudio Guarnieri and Colleen Anderson found a threat “Trojan” for Mac called MacDownloader. According to experts, the malware used by the hackers to attack on the defense industry in the United States and human rights activists.
As reported by Securitylab, Trojan MacDownloader was discovered on a phishing web web site imitating a legitimate online a major American aerospace company UTC Aerospace Systems. Previously this site was used during phishing attacks with the aim of spreading viruses for Windows. In the creation and management online the researchers suspect criminals from Iran.
The website offers various free courses for employees of companies in the American defense sector, like Lockheed Martin, Raytheon and Boeing. To view the posted video, the user is supposed to install Flash Player. However, instead of the player on the victim’s computer is loaded with malware.
Using fake Windows for authorization MacDownloader steals credentials from the victims in the system Keychain password management. Experts say the low quality of malware and consider it “proof of concept” virus writers are lovers.
Despite this, MacDownloader able to bypass the detection on VirusTotal.