Trojan Xagent for Mac, created by Russian hackers steal passwords, screenshots, and iPhone backups
15.02.2017 Erika J. Wells 0 Comments
Experts from BitDefender company have discovered a Mac version of the malicious software used by the hacker group APT 28, also known as Fancy Bear, Pawn Storm Sednit, Sofacy and Tsar Team. Trojan steals computer passwords, screenshots, and iPhone backup.
Many link the group APT 28 with the Russian government. Bitdefender experts are sure of involvement in cyber-attacks against European government organizations and enterprises of the defense industry. And that this group is attributed to the breaking of the National Committee of the US Democratic party, which took place last summer.
According to researchers, hackers have developed an exclusive malware Xagent used exclusively campaigns of cyber espionage. Earlier, the experts were faced with the Xagent versions for Windows, Linux, iOS and Android. Now experts BitDefender reported variant of a malware for macOS. Under what circumstances was discovered the malware, is unknown.
“Operators APT 28 extended game – payload X-Agent can now take Mac users to intercept passwords, capture screenshots and steal data stored on the computer backup the iPhone”, – said the experts.
As reported by Securitylab, Xagent is a modular system and files downloaded on the computers of victims with the help of a dropper Komplex. The malware is capable of downloading on the infected computer add-ons, and also to gather information about its hardware and software.
Previously the Bitdefender experts came to the conclusion that the members of the group that created the Xagent that are “either Russian citizens or citizens of neighboring States who speak the Russian language.” In favor of this theory is evidenced by the presence of Russian words in the code used by the hackers tools.
According to the researchers, most of the information was stolen by hackers during working hours in accordance with the time zone, Azerbaijan, Georgia and part of Russia (GMT +4). According to the report, Russia is one of the only three countries that has all the necessary capabilities and resources to carry out such attacks. Goals APT 28 as a rule, are the States that comprise the range of interests of the Russian government.