<!--DEBUG:--><!--DEBUG:dc3-united-states-it-in-english-pdf-2--><!--DEBUG:--><!--DEBUG:dc3-united-states-it-in-english-pdf-2--><!--DEBUG-spv-->{"id":446674,"date":"2017-02-07T14:50:00","date_gmt":"2017-02-07T10:50:00","guid":{"rendered":"http:\/\/nhub.news\/?p=446674"},"modified":"2017-02-08T10:07:32","modified_gmt":"2017-02-08T08:07:32","slug":"mac-malware-possibly-made-in-iran-targets-u-s-defense-industry","status":"publish","type":"post","link":"http:\/\/nhub.news\/fr\/2017\/02\/mac-malware-possibly-made-in-iran-targets-u-s-defense-industry\/","title":{"rendered":"Mac malware, possibly made in Iran, targets U. S. defense industry"},"content":{"rendered":"<p style=\"text-align: justify;\"><img style=\"float: left; padding: 5px;\" width=\"300px\" src=\"http:\/\/images.techhive.com\/images\/article\/2017\/01\/dsc05476-100704596-large.3x2.jpg\" alt=\"NewsHub\" border=\"0\" \/>Just because you\u2019re using a Mac doesn\u2019t mean you\u2019re safe from hackers. That\u2019s what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U. S. defense industry. <br \/>The malware, called MacDownloader, was found on a website impersonating the U. S. aerospace company United Technologies, according to a report from Claudio Guarnieri and Collin Anderson, who are researching Iranian cyberespionage threats. <br \/>The fake site was previously used in a spear-phishing email attack to spread Windows malware and is believed to be maintained by Iranian hackers, the researchers claimed. <br \/>Visitors to the site are greeted with a page about free programs and courses for employees of the U. S. defense companies Lockheed Martin, Raytheon and Boeing. <br \/>The malware itself can be downloaded from an Adobe Flash installer for a video embedded in the site. The website will provide either Windows or Mac-based malware, depending on the detected operating system. <br \/>A screenshot of the fake site. <br \/>The MacDownloader malware was designed to profile the victim&rsquo;s computer, and then steal credentials by generating fake system login boxes and harvesting them from Apple&rsquo;s password management system, Keychain. <br \/>However, the malware is of shoddy quality and is \u00ab\u00a0potentially a first attempt from an amateur developer,\u00a0\u00bb the researchers said. <br \/>For instance, once the malware is installed, it will generate a fake Adobe Flash Player dialog box, only to then announce that adware was discovered on the computer and that it will attempt to clean it up. <br \/>\u00ab\u00a0These dialogues are also rife with basic typos and grammatical errors, indicating that the developer paid little attention to quality control,\u00a0\u00bb the researchers said. <br \/>In addition, the malware failed to run a script to download additional malicious coding onto the infected Mac. <br \/>But despite the shoddy quality, the malware still managed to evade detection on VirusTotal, which aggregates antivirus scanning engines. <br \/>The researchers found other circumstantial evidence that the malware is linked to Iran. An exposed server that the MacDownloader agent uploaded showed wireless networks called \u00ab\u00a0Jok3r\u00a0\u00bb and \u00ab\u00a0mb_1986. \u00a0\u00bb Both of these names have ties to previous Iranian hacking groups, including one known as Flying Kitten , which is suspected of targeting U. S. defense contractors and political dissidents. <br \/>In an email, Anderson said a colleague also observed MacDownloader targeting a human rights activist. <br \/>The danger is that many human rights supporters, especially in Iran, are dependent on Apple devices, the researchers said. \u00ab\u00a0While this [malware] is neither sophisticated nor full-featured, its sudden appearance is concerning given the popularity of Apple computers,\u00a0\u00bb they wrote in their report. <br \/>Mac malware is fairly rare, according to security researchers. That&rsquo;s because hackers tend to attack Windows-based devices, because of their popularity. <br \/>However, Mac-based malware is still popping up here and there. Last month, researchers found another kind designed to spy on biomedical research centers. A separate Mac-based Trojan was found months earlier, targeting the aerospace industry.<\/p>\n<div id=\"td_post_ranks\" class=\"td-post-comments\" style=\"vertical-align: middle;\">\n<div style=\"float: left;\">\nSimilarity rank: 1.1\n<\/div>\n<\/div>\n<p><script>\njQuery(function() {\nvar mainContentMetaInfo = '.td-post-header .meta-info';\nvar tdPostRanks = '#td_post_ranks';\nif (jQuery(tdPostRanks).length) {\n    var tdPostRanksHtml = jQuery(tdPostRanks).get(0).outerHTML;\n    if (typeof tdPostRanksHtml != 'undefined') {\n        jQuery(tdPostRanks).remove();\n        jQuery(mainContentMetaInfo).append(tdPostRanksHtml);\n    }\n}\n});\n<\/script><span>&copy; Source: <a href=\"http:\/\/www.computerworld.com\/article\/3167027\/security\/mac-malware-possibly-made-in-iran-targets-us-defense-industry.html\" target=\"_blank\">http:\/\/www.computerworld.com\/article\/3167027\/security\/mac-malware-possibly-made-in-iran-targets-us-defense-industry.html<\/a><br \/>All rights are reserved and belongs to a source media.<\/span><\/p>\n<script>jQuery(function(){jQuery(\"#td_post_ranks\").remove();});<\/script><script>jQuery(function(){jQuery(\".td-post-content\").find(\"p\").find(\"img\").hide();});<\/script>","protected":false},"excerpt":{"rendered":"<p>Just because you\u2019re using a Mac doesn\u2019t mean you\u2019re safe from hackers. That\u2019s what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian hackers to target the U. S. defense industry. The malware, called MacDownloader, was found on a website impersonating the U. S. aerospace company United [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":446673,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[90],"tags":[],"_links":{"self":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/446674"}],"collection":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/comments?post=446674"}],"version-history":[{"count":1,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/446674\/revisions"}],"predecessor-version":[{"id":446675,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/446674\/revisions\/446675"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/media\/446673"}],"wp:attachment":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/media?parent=446674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/categories?post=446674"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/tags?post=446674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}