Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Desktops (Apple)

Russian Cyberspies Blamed For US Election Hacks Are Now Targeting Macs (computerworld.com) 251

You may recall "APT28", the Russian hacking group which was tied to last year's interference in the presidential election. It has long been known for its advanced range of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. From a report on ComputerWorld: The group -- known in the security industry under different names including Fancy Bear, Pawn Storm, and APT28 -- has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It's not entirely clear how the malware is being distributed because the Bitdefender researchers obtained only the malware sample, not the full attack chain. However, it's possible a macOS malware downloader dubbed Komplex, found in September, might be involved. Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software, according to researchers from Palo Alto Networks who investigated the malware at the time. The vulnerability allowed attackers to execute remote commands on a Mac when users visited specially crafted web pages.Further reading on ArsTechnica.
This discussion has been archived. No new comments can be posted.

Russian Cyberspies Blamed For US Election Hacks Are Now Targeting Macs

Comments Filter:
  • What? (Score:4, Interesting)

    by Anonymous Coward on Wednesday February 15, 2017 @09:03AM (#53872701)

    WTF. Is someone from a Russian IP address emailing mac owners saying they are from Apple and asking for their passwords?

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      WTF. Is someone from a Russian IP address emailing mac owners saying they are from Apple and asking for their passwords?

      It has yet to proven the Russians had any affect on the outcome of the US Presidential Election 2016. Hillary was the worst candidate the Democrats could have fronted. I would have liked President Trump to have kept NSA Flynn and then working with the Russian Government plan and deliver a bunker busting bomb on the parliament buildings of North Korea in response for their repeated missile launches. Sadly Trump is succumbing to Washington, DC's, "business as usual." Sad.

      • It has yet to proven the Russians had any affect on the outcome of the US Presidential Election 2016. Hillary was the worst candidate the Democrats could have fronted. I would have liked President Trump to have kept NSA Flynn and then working with the Russian Government plan and deliver a bunker busting bomb on the parliament buildings of North Korea in response for their repeated missile launches. Sadly Trump is succumbing to Washington, DC's, "business as usual." Sad.

        Also, the issue at hand during and after the election was not that Russians were hacking the votes, but that Julian Assange was getting his leaks from the Russians, and putting it out daily at their behest. It was never the argument that they were actually breaking into voting machines to alter anything: in fact, when Trump was the one alleging that the elections were rigged, it was President Obama who pointed out that each state had their own voting systems, including states run overwhelmingly by Republi

        • Shouldn't the Russians be acting like the US was Belarus or Tajikistan instead, if the Dems were correct in portraying Trump as a vassal of Putin?

          At least the sources I use aren't claiming that Trump is a vassal of Putin - they're claiming that Trump is Putin's pawn.

          It's been apparent for years that Russia has been trying to pick a real fight with the US or the EU, the usual reason given being that Putin needs to distract a restless Russian population from local issues particularly corruption. Putin getting Trump elected is seemingly a big win if all these things are true - Trump certainly seems far more likely to get into a war with Russian than ...

        • Really Potsy. The news reports kept saying over and over and over, Elections Hacked. Leaking emails is not the same has hacking voting machines.
      • It has yet to proven the Russians had any affect on the outcome of the US Presidential Election 2016.

        This is irrelevant unless you think the discussion is about the legitimacy of the president. It's not. What matters is whether there was Russian involvement and how to prevent future attacks of this kind on democracy.

        Whether the attempt was successful or not is impossible to prove in practice anyway.

  • by geekmux ( 1040042 ) on Wednesday February 15, 2017 @09:06AM (#53872717)

    "...Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software...

    Oh, the irony of an antivirus program running on a BSD-based OS being the vulnerability.

    Yes, Mr. Anti-Vendor, please sell me another wonderful solution you think I need...

    • by DontBeAMoran ( 4843879 ) on Wednesday February 15, 2017 @09:16AM (#53872785)

      MacKeeper already had a bad reputation, this only reinforces it.

    • Wait, that's a legit company? I assumed it was a virus. It always pops up anytime I visit any sketchy site with the most obnoxious ads.

      • Wait, that's a legit company? I assumed it was a virus. It always pops up anytime I visit any sketchy site with the most obnoxious ads.

        Tends to question the legitimacy of the rest of the Anti-Vendor market, doesn't it...

    • Oh, the irony of an antivirus program running on a BSD-based OS being the vulnerability.

      Should have installed Windows Defender

      • Windows Defender works well on Macs - it just sits there. Doesn't waste cycles. Doesn't add to vulnerabilities. No visual clutter. No annoying messages.

        What's not to like?

    • The same thing happens on Windows. For example, last year there was an arbitrary code execution vulnerability in the code that Norton Antivirus uses to scan images. For some idiotic reason, they were running this code with kernel privilege. It ran whenever an image file was written to disk, so it could be exploited by simply receiving an email attachment in a spam, which your antivirus would then scan and run the exploit, even if you never opened the file.
    • Oh, the irony of an antivirus program running on a BSD-based OS being the vulnerability.

      FreeBSD runs on a Mach microkernel?

    • by AmiMoJo ( 196126 )

      AV software is still useful on Unix systems. In fact even most Windows malware these days runs on the normal user account, e.g. ransomware only needs user permissions to encrypt your personal files.

      Scanning incoming email for exploits against the email client is still a good idea, for example. Is Apple's email client sandboxed like a web browser?

  • by halivar ( 535827 ) <bfelger@@@gmail...com> on Wednesday February 15, 2017 @09:06AM (#53872719)

    They sent John Podesta a bogus email, and he clicked the link. Because of that, we now know the entire DNC plotted against Bernie. The only actual "election hacking" that took place is how the democratic party apparatus chose and coronated the only possible person who could lose to Donald Trump (of all people).

    But blame Russia.

    • Re: (Score:2, Informative)

      Yes, let's be clear, because nobody claimed that actual voting machines were hacked. This was merely a strawman/canard thrown out to confuse the issue.

      First, why we care that the DNC was being hacked is because that's the exact same thing Watergate was about, except that Watergate was a physical break-in to wiretap the DNC, rather than hacking their emails, but for the same exact purpose - to look for anything that could be released that would make the political opposition look bad. The fact that it was R
      • Comment removed (Score:5, Interesting)

        by account_deleted ( 4530225 ) on Wednesday February 15, 2017 @09:26AM (#53872859)
        Comment removed based on user account deletion
        • Or to represent the interests of the party. They had some pretty rough conventions in 1968 and 1972... superdelegates are part of the response to that.

          It's amusing that the structure of the Democratic Party is anti-democratic, but then again, the Republican party isn't terribly republican most of the time.
        • by T.E.D. ( 34228 )

          Oh, get serious. The whole "superdelegate" apparatus exists only to thwart the will of the voters.

          This is in fact 100% true. The theory behind it is that "the voters" in a primary could easily be people who just became Democrats this week (or in some states aren't even Democrats at all), don't give a crap about the party, or even want to actively sabotage it. Remember that primaries are the parties picking their standard-bearer, not the USA at large picking theirs. Superdelegates are elected officials (Governors, Senators, etc.) with at least some proven investment in the party itself. In recent history

        • by Jhon ( 241832 )

          "Oh, get serious. The whole "superdelegate" apparatus exists only to thwart the will of the voters."

          It's how parties work. They try to ensure that popular passions dont overwhelm the party based on emotions. Kind of like how republics work. They reflect the will of the people "smoothed out" over time -- just not when they are pissed off over something that recently occurred and likely to make poor choices until anger fades and they can make choices based more on ideals thought than feelings and reactions

        • by tlhIngan ( 30335 )

          Oh, get serious. The whole "superdelegate" apparatus exists only to thwart the will of the voters.

          As does the electoral college. That was created because the elites (say, the Founding Fathers) realized that giving voting control to the peasants might not have been such a good idea, so the electoral college was created in order to better represent their (the elites) interests. The members are unelected and while they only have one job, they have screwed it up.

      • by Anonymous Coward on Wednesday February 15, 2017 @09:52AM (#53873031)

        Clinton got debate questions in 2 debates, from CNN.
        Clinton did fund raisers with down-ticket people. There is a cap (a couple thousand) that someone can donate to a candidate. The DNC set her up with numerous other Congress runners so the cap was number of people * cap, then Clinton took 98% of what was donated in that event. A rule the DNC recently wrote into the law obviously intending to do this. The DNC refused to help Sanders in the same way.
        The DNC would give stories to "favorable journalists" to smear Sanders a week before primaries in states.
        They ALSO had the superdelegates if needed.

        You should be SHOCKED that the press worked so closely with Clinton to torpedo Sanders (unreported donations and illegal for media to do so). You should ALSO be shocked the DNC rewrote campaign finance laws to abuse them the way they did, I doubt you could find anyone who says that is fair.

      • except that she 1) did so in her CNN contributor capacity (and got fired from it over), 2) it was a blatantly obvious question that anyone should have seen coming (Debate in Flint MI, gee, think they're gonna ask about the water crisis? Duh), and 3) CLINTON FLUBBED THE QUESTION ANYWAY

        So it wasn't an attempt to steer the primary because 1) she had the foresight not to send it from her DNC email account, 2) it wasn't a very good idea, and 3) it didn't work very well? Come on.

        And even putting all that aside, it was a pattern, not an isolated incident [slate.com].

  • by Anonymous Coward on Wednesday February 15, 2017 @09:07AM (#53872727)

    The "election" was never hacked. A political party was, and its dirty laundry was aired.

    • by AmiMoJo ( 196126 )

      It's accurate to say that the election was interfered with by hacking. Releasing DNC dirty laundry, while not doing the same to the Republicans, undoubtedly had an effect on the outcome of the vote. Don't even bother trying to claim that the Republicans don't have any dirty laundry.

      The release of more HRC emails to close to the vote, and the ridiculous decision of the FBI to start an investigation right then certainly had an effect too. The fact that HRC was vindicated didn't undo the damage. The intent was

      • and the ridiculous decision of the FBI to start an investigation right then certainly had an effect too.

        They said a Nation State tried to influence our election.

        The FBI works for a Nation State, and was headed by a Republican.

        The IRS and DOJ have both also gotten fingered trying to influence our elections, both headed by Democrats.

        Intentionally selective outrage makes you a pretender.

      • by mjr167 ( 2477430 )

        But at no point does anyone renounce the content of the emails...

        Everyone seems to want to blame the people that leaked the emails, not the people that wrote them.

  • by Anonymous Coward on Wednesday February 15, 2017 @09:17AM (#53872791)

    ...but because of the Russian hackers I ended up voting Trump. I've no doubt that many other people were influenced in the same way, and I'm certain Clinton would have won if it weren't for the Russian hackers.

    I'm also convinced the Russian hackers caused BREXIT and are secretly supporting the Dutch Party of Freedom, the 5 Star movement and other European populist parties.

    Okay, just to be clear, I'm writing this ironically. What's truly hilarious is that the mainstream media writes this stuff seriously. They've really gone off the deep end and into the territory of lunatic conspiracy theorists. I look forward to CNN reporting that Russians are using mind rays to control how people vote.

    • Right now, the media meme is that Russia is supporting nationalist parties in Europe like Marine Le Pen, hoping to have pliant European leaders just like they 'succeeded' in the US

      Except that none of these parties would be anywhere even close to power had people like Merkel, Hollande, et al not thrown their borders open to millions of Syrian refugees, thereby creating a law & order nightmare in their countries

    • The media is doing what its doing because if they didnt they might have to cover the real news.

      The real news:

      The Democrats now only control...

      ... 24% of State legislature seats.
      ... 32% of Governor seats.
      ... 44% of House seats.
      ... 46% of Senate seats.

      The Democrats have less than 1 out of 4 State legislatures now, and less than 1 out of 3 Governorships.

      The Democrats got wiped out nation-wide at every level.

      Thats the real news. Your welcome.
      • Wow, you've just uncovered an amazing top secret that the "mainstream media" have so carefully kept from us!

        Thank God we have Breitbart News, Alex Jones, and Russia Today to give us the real news about the lizard people...

    • Anyone who doesn't believe that at least half of what you wrote "ironically" is in fact true must be completely detached from reality. But what else would you expect from someone who uses the term "mainstream media".
  • by Camembert ( 2891457 ) on Wednesday February 15, 2017 @09:17AM (#53872793)
    So now MacKeeper is an antivirus software? Rather it is the company with the most annoying popups anywhere for Mac users. Useless software that is aggressively marketed.
  • by Orangedog_on_crack ( 544931 ) on Wednesday February 15, 2017 @09:32AM (#53872889)
    Demonizing Russia is sooooo 20th century. But I guess political party insiders conspiring with big legacy media outlets to cheat a popular candidate and his supporters in favor of a corrupt old hag who was convinced that it was "her turn(!)", well let's hope the rubes buy that Boris and Natasha "interfered" with the DNC's interference. Because Russia
  • On Linux, something I find very annoying with apt-get is that everything goes into a single /usr hierarchy, rather than having multiple ones and overlaying. Right now, it is a hack at best to do stuff like this. But serious thought, on all OSs, needs to be given to the following:

    The point is to make the core of the OS read-only at runtime, preferably read-only at a hardware level (that is, install the OS on a small SSD which even the kernel cannot write to during normal running, and which delegates what configuration settings can be overridden from the writable portion of the files).

    Essentially the 'principle of least privilege' is something that OS designers need to give far more serious thought to, and also what privileges are actually needed during normal runtime. Updating the core OS should be done from a 'secondary OS' whose only purpose is updating the core OS, and is restricted in its nature so as to only be able to do this. (The ideal place for this is in PC firmware, where one should use the firmware to install the base OS, and once booted, the base OS is effectively immutable.)

    (Yes, this is basically a coarse capability-based security system, partially enforced in hardware, in a way which leaves users in control.)

    • The later revs of macOS try to do this with SIP (system integrity protection). Does it work? I've not read anything showing that it has been compromised, but it is a software solution like SELinux, so there is probably a way to bypass it.

      What I would like to see is taking that a step further and having all operating systems run on thin hypervisors (think Hyper-V, ESXi, KVM, or whatnot.) That way, a web browser can be in its own separate VM with a separate filesystem, banking data can be in another VM, an

  • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Wednesday February 15, 2017 @11:23AM (#53873675) Homepage Journal

    This reckless blaming of Russian hackers only serves to recruit more Russian hackers.

  • Russians hacked the election. NOPE, fake news...just because the LIBERAL QUEEN Hillary LOST THE ELECTION.

Swap read error. You lose your mind.

Working...