Security Desktops (Apple)

Russian Cyberspies Blamed For US Election Hacks Are Now Targeting Macs (computerworld.com)

Posted by msmash from the further-expansion dept.
You may recall "APT28", the Russian hacking group which was tied to last year's interference in the presidential election. It has long been known for its advanced range of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. From a report on ComputerWorld: The group -- known in the security industry under different names including Fancy Bear, Pawn Storm, and APT28 -- has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It's not entirely clear how the malware is being distributed because the Bitdefender researchers obtained only the malware sample, not the full attack chain. However, it's possible a macOS malware downloader dubbed Komplex, found in September, might be involved. Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software, according to researchers from Palo Alto Networks who investigated the malware at the time. The vulnerability allowed attackers to execute remote commands on a Mac when users visited specially crafted web pages. Further reading on ArsTechnica.


    WTF. Is someone from a Russian IP address emailing mac owners saying they are from Apple and asking for their passwords?

      WTF. Is someone from a Russian IP address emailing mac owners saying they are from Apple and asking for their passwords?

      It has yet to be proven the Russians had any effect on the outcome of the US Presidential Election 2016. Hillary was the worst candidate the Democrats could have fronted. I would have liked President Trump to have kept NSA Flynn and then, working with the Russian Government, plan and deliver a bunker busting bomb on the parliament buildings of North Korea in response to their repeated missile launches. Sadly Trump is succumbing to Washington, DC's, "business as usual." Sad.

  • The irony of the vulnerability... (Score:5, Interesting)

    by geekmux ( 1040042 ) on Wednesday February 15, 2017 @09:06AM (#53872717)

    "...Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software...

    Oh, the irony of an antivirus program running on a BSD-based OS being the vulnerability.

    Yes, Mr. Anti-Vendor, please sell me another wonderful solution you think I need...

    • Re:The irony of the vulnerability... (Score:4, Interesting)

      by DontBeAMoran ( 4843879 ) on Wednesday February 15, 2017 @09:16AM (#53872785)

      MacKeeper already had a bad reputation, this only reinforces it.

      • Bad reputation? That's an understatement. It's an outright scam. If I see it on a system, that gets removed immediately - no questions asked. Even if it was a paid-for version.

    • Wait, that's a legit company? I assumed it was a virus. It always pops up anytime I visit any sketchy site with the most obnoxious ads.

    • Oh, the irony of an antivirus program running on a BSD-based OS being the vulnerability.

      Should have installed Windows Defender

    • The same thing happens on Windows. For example, last year there was an arbitrary code execution vulnerability in the code that Norton Antivirus uses to scan images. For some idiotic reason, they were running this code with kernel privilege. It ran whenever an image file was written to disk, so it could be exploited by simply receiving an email attachment in a spam, which your antivirus would then scan and run the exploit, even if you never opened the file.

    • Oh, the irony of an antivirus program running on a BSD-based OS being the vulnerability.

      FreeBSD runs on a Mach microkernel?

  • Let's be clear on what we mean by election hacking (Score:5, Insightful)

    by halivar ( 535827 ) <bfelger&gmail,com> on Wednesday February 15, 2017 @09:06AM (#53872719)

    They sent John Podesta a bogus email, and he clicked the link. Because of that, we now know the entire DNC plotted against Bernie. The only actual "election hacking" that took place is how the democratic party apparatus chose and coronated the only possible person who could lose to Donald Trump (of all people).

    But blame Russia.

    • Yes, let's be clear, because nobody claimed that actual voting machines were hacked. This was merely a strawman/canard thrown out to confuse the issue.

      First, why we care that the DNC was being hacked is because that's the exact same thing Watergate was about, except that Watergate was a physical break-in to wiretap the DNC, rather than hacking their emails, but for the same exact purpose - to look for anything that could be released that would make the political opposition look bad. The fact that it was R

      • Re:Let's be clear on what we mean by election hack (Score:5, Interesting)

        by jcr ( 53032 ) <.jcr. .at. .mac.com.> on Wednesday February 15, 2017 @09:26AM (#53872859) Journal

        there is ZERO proof the DNC "rigged" anything.

        Oh, get serious. The whole "superdelegate" apparatus exists only to thwart the will of the voters.

        -jcr

          While this is technically true, this is not what happened last year. Last year the SuperDelegates largely followed the will of the (more idiotic of the) people.

          All of this is moot anyway; she lost. Now we have to deal with the fallout. Looking at what coulda shoulda woulda doesn't do anyone a goddamned bit of good.

        • Or to represent the interests of the party. They had some pretty rough conventions in 1968 and 1972... superdelegates are part of the response to that.

          It's amusing that the structure of the Democratic Party is anti-democratic, but then again, the Republican party isn't terribly republican most of the time.

      • except that she 1) did so in her CNN contributor capacity (and got fired from it over), 2) it was a blatantly obvious question that anyone should have seen coming (Debate in Flint MI, gee, think they're gonna ask about the water crisis? Duh), and 3) CLINTON FLUBBED THE QUESTION ANYWAY

        So it wasn't an attempt to steer the primary because 1) she had the foresight not to send it from her DNC email account, 2) it wasn't a very good idea, and 3) it didn't work very well? Come on.

        And even putting all that aside, it was a pattern, not an isolated incident [slate.com].

    • The attack ads practically write themselves. All they had to do was point out that Chavez, in Venezuela, was an actual Socialist, and look how well Venezuela is doing, and Bernie will do for America what Chavez did for Venezuela. Repeat at high volume for 3 months. Heck, look at how well the attacks claiming Obama and Bill Clinton were Socialists worked, and they were nowhere near socialism.

      Bernie, unlike Hillary, would've lost the popular vote too.

    • I guess the Russians flooding the internet with fake news in order to delegitimize every single news organization is not hacking? I'm not convinced there was voting machine hacking, but the Russians definitely engaged in social hacking in a concerted effort to boost Trump.

  • Stop repeating the meme (Score:3, Informative)

    by Anonymous Coward on Wednesday February 15, 2017 @09:07AM (#53872727)

    The "election" was never hacked. A political party was, and its dirty laundry was aired.

    • I'm not saying hacking did occur, but districts with electronic voting machines voted consistently higher for Donald Trump in swing states compared with paper ballots in the same states. If only the paper ballot votes were counted in the swing states, Hillary would have won.

      This could be coincidence, pure statistical noise, or correlated with some other factor that makes both the above true. We'll probably never know. It seems unlikely someone would be able to hack so many machines without anyone finding

      • This could be coincidence, pure statistical noise, or correlated with some other factor that makes both the above true. We'll probably never know.

        We knew almost immediately after the claim that the machines were hacked. You've been pretending that we don't ever since.

        Does it feel good being a pretender?

        • We knew almost immediately after the claim that the machines were hacked.

          Sorry, I forgot, Spicer probably told us the truth about that already.

        And districts that let illegals vote favored Clinton. Fancy that.

        Massive vote fraud, some of it proven, i.e. caught on tape by Project Veritas. The so-called "hacking" is fake news. The real news is the bussing, multi-voting, and illegal votes. I think you know it.

  • I was going to vote Clinton... (Score:2, Funny)

    by Anonymous Coward

    ...but because of the Russian hackers I ended up voting Trump. I've no doubt that many other people were influenced in the same way, and I'm certain Clinton would have won if it weren't for the Russian hackers.

    I'm also convinced the Russian hackers caused BREXIT and are secretly supporting the Dutch Party of Freedom, the 5 Star movement and other European populist parties.

    Okay, just to be clear, I'm writing this ironically. What's truly hilarious is that the mainstream media writes this stuff seriously.

  • Mackeeper is utter shit (Score:3)

    by Camembert ( 2891457 ) on Wednesday February 15, 2017 @09:17AM (#53872793)

    So now MacKeeper is an antivirus software? Rather it is the company with the most annoying popups anywhere for Mac users. Useless software that is aggressively marketed.

  • Putin making big trouble for moose and squirrel! (Score:4, Funny)

    by Orangedog_on_crack ( 544931 ) on Wednesday February 15, 2017 @09:32AM (#53872889)

    Demonizing Russia is sooooo 20th century. But I guess political party insiders conspiring with big legacy media outlets to cheat a popular candidate and his supporters in favor of a corrupt old hag who was convinced that it was "her turn(!)", well let's hope the rubes buy that Boris and Natasha "interfered" with the DNC's interference. Because Russia

    • Orangedog_on_crack

      Interesting username. Are you that furry orange critter that sits on Donald Trump's head and makes him say silly things?

    • Yeah Russia is a real nice country. They never invade other countries or shoot down airplanes or silence the media. And they definitely don't break treaties by deploying cruise missiles.

  • On Linux, something I find very annoying with apt-get is that everything goes into a single /usr hierarchy, rather than having multiple ones and overlaying. Right now, it is a hack at best to do stuff like this. But serious thought, on all OSs, needs to be given to the following:

    The point is to make the core of the OS read-only at runtime, preferably read-only at a hardware level (that is, install the OS on a small SSD which even the kernel cannot write to during normal running, and which delegates what configuration settings can be overridden from the writable portion of the files).

    Essentially the 'principle of least privilege' is something that OS designers need to give far more serious thought to, and also what privileges are actually needed during normal runtime. Updating the core OS should be done from a 'secondary OS' whose only purpose is updating the core OS, and is restricted in its nature so as to only be able to do this. (The ideal place for this is in PC firmware, where one should use the firmware to install the base OS, and once booted, the base OS is effectively immutable.)

    (Yes, this is basically a coarse capability-based security system, partially enforced in hardware, in a way which leaves users in control.)
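A small audit script to go with the comment above, added here as an example and not written by the commenter: it takes a mount table in /proc/mounts format and checks whether the paths a "read-only core OS" design wants immutable are actually mounted with the ro flag, and, going one step past the comment, also pulls the lowerdir out of an overlay mount so you can see where the factory copy of an overlaid tree lives. The mount table embedded below is constructed for the demo (device names, the /etc overlay and its directories are made up); on a real Linux host you would pass "$(cat /proc/mounts)" instead.

```shell
#!/bin/sh
# Added example, not from the thread. Audit whether the "core OS" paths are
# mounted read-only, given a mount table in /proc/mounts format:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
# SAMPLE_MOUNTS is a constructed table for the demo; on a Linux host use
# "$(cat /proc/mounts)" as the TABLE argument instead.
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /usr ext4 ro,relatime 0 0
overlay /etc overlay rw,relatime,lowerdir=/usr/share/factory/etc,upperdir=/var/lib/overlay/etc/upper,workdir=/var/lib/overlay/etc/work 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# readonly_status TABLE MOUNTPOINT
# Prints "ro" if MOUNTPOINT is mounted with the ro flag, "rw" if it is mounted
# writable, and "absent" if no entry matches the mountpoint exactly. Options are
# split on commas so that e.g. "errors=remount-ro" is not mistaken for "ro".
readonly_status() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp {
            found = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") { print "ro"; exit }
            print "rw"
            exit
        }
        END { if (!found) print "absent" }'
}

# overlay_lower TABLE MOUNTPOINT
# For an overlay mount, print its lowerdir (the read-only factory copy);
# prints nothing for any other filesystem type.
overlay_lower() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp && $3 == "overlay" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (index(opt[i], "lowerdir=") == 1) print substr(opt[i], 10)
        }'
}

# audit_core_paths TABLE PATH...
# Reports each PATH and returns 1 if any of them cannot be confirmed read-only.
audit_core_paths() {
    table=$1
    shift
    rc=0
    for p in "$@"; do
        st=$(readonly_status "$table" "$p")
        case $st in
            ro)     echo "$p: read-only (ok)" ;;
            rw)     echo "$p: WRITABLE"; rc=1 ;;
            absent) echo "$p: no mount entry, cannot verify"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo run against the constructed table: /usr passes, / does not.
audit_core_paths "$SAMPLE_MOUNTS" / /usr
echo "audit exit status: $?"
echo "/etc factory copy lives in: $(overlay_lower "$SAMPLE_MOUNTS" /etc)"
```

The exact-match on the mountpoint is deliberate: a path with no mount entry of its own inherits its parent's flags, and the script refuses to guess rather than report it as protected. Note that a ro mount flag is only the software half of what the comment asks for; it says nothing about whether the kernel could remount it writable, which is the part the comment wants enforced in hardware.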

