Cyber-criminals have seemingly devised a new malware attack that enrols Apple Mac computers across the world into a botnet, via a backdoor called Mac.Backdoor.iWorm.
The backdoor has been found to use the popular news aggregator site Reddit to connect the host computer to the hackers' main control centre, leaving host computers vulnerable to data breach.
Once a system is infected, cyber-criminals can use Mac.Backdoor.iWorm to launch veiled attacks on it. The malware is said to use Reddit's search functionality to find comments that hackers have left on various posts in a 'Minecraft discussion' field on Reddit.
After the Minecraft Subreddit comments are detected by iWorm, the malicious code makes multiple attempts to connect to the server addresses mentioned within these Minecraft Subreddit posts.
Once iWorm has established these connections, hackers can control the botnet of host systems (Mac machines affected by iWorm) to send out spam emails to user contacts and perform a series of other 'undesirable' tasks.
Dr Web (a Russian antivirus software development giant) has detected iWorm on computers running Mac OS X and states that in excess of 17,000 IP addresses are associated with iWorm-infected Mac computers.
"Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/Java, after which the dropper generates a p-list file so that the backdoor is launched automatically," state engineers at Dr Web, in an online report.
However, the Dr Web report does not mention hackers using the botnet-infected systems to launch external attacks. It would be desirable for Mac users to run an exhaustive scan of their computers and remove the iWorm infection at the earliest.
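The persistence step in the Dr Web quote above (files extracted into /Library/Application Support/Java, then a plist that launches the backdoor automatically) can be checked by listing launchd jobs whose executable sits under that directory. The Python below is an added example, not code from Dr Web or this article; the launchd directories searched and the function names are assumptions, since the quoted report does not name the plist or say where it is written.

```python
import os
import plistlib
import posixpath
from pathlib import Path

# Install directory quoted from the Dr Web report on this page.
SUSPECT_DIR = "/Library/Application Support/Java"
# Assumption: the page does not say where the plist is written, so the
# standard system-wide and per-user launchd directories are all searched.
LAUNCHD_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
                os.path.expanduser("~/Library/LaunchAgents")]

def launch_target(job):
    """Return the executable a launchd job starts, or None if it has none."""
    if not isinstance(job, dict):
        return None
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None

def is_under(path, parent):
    """True if path is parent or below it ('..' collapsed, case-folded)."""
    # Case is folded because default OS X volumes are case-insensitive.
    p = posixpath.normpath(path).lower()
    d = posixpath.normpath(parent).lower()
    return p == d or p.startswith(d + "/")

def scan(dirs=LAUNCHD_DIRS, suspect=SUSPECT_DIR):
    """Return (plist_path, target) pairs for jobs that launch from suspect."""
    hits = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for plist in sorted(Path(d).glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)  # accepts XML and binary plists
            except Exception:
                continue  # unreadable or malformed file: nothing to evaluate
            target = launch_target(job)
            if target and is_under(target, suspect):
                hits.append((str(plist), target))
    return hits

if __name__ == "__main__":
    for plist_path, target in scan():
        print(f"{plist_path} launches {target}")
```

A hit is a lead to inspect rather than proof of infection, because any legitimate job that launches from that directory is listed as well.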