A well-known user of Apple's computers, the Dalai Lama has been targeted by a virus which seems to originate in China.
A security firm has uncovered an advanced persistent threat (APT) attack which is emanating from China and which is targeting specifically Uyghur activists who use computers and laptops running Apple's Mac OS X.
Kaspersky Lab expert Costin Raiu explains that the company last week spotted a new APT campaign using a new Mac OS X backdoor variant, known as MaControl, targeting Uyghur activists. The Uyghur people are an ethnic Turkish group spread throughout Eastern and Central Asia who are embroiled in a human rights battle with the Chinese government.
APT usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity - the Uyghur activists in this case.
Activists, like the Dalai Lama, receive emails which purport to support the movement, with a .zip file attached. Inside the .zip file is a .jpg photo and a Mac OS X app called matiriyal. This app exploits a known weakness in the Mac OS X software and when it is executed, it installs itself on the system and connects to its command and control server to get instructions.
Once infected, the malware lets the person in charge of the command and control server perform a range of tasks including listing files, transferring files and generally running commands on the infected machine.
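The lure described above (a .zip attachment holding a photo next to a Mac OS X application bundle) is a pattern a mail gateway or analyst can check for without running anything. The following script is an added example and is not code from the article, from Kaspersky Lab or from AlienVault. It builds a constructed sample archive in memory (the "matiriyal" name comes from the article; the bundle layout, file bytes and the "photo.jpg" name are assumptions) and then flags archive entries that sit in an .app bundle's executable directory, carry a Unix executable bit, or start with a Mach-O magic number.

```python
import io
import stat
import zipfile

# Mach-O header magics (32/64-bit, both byte orders) plus the fat/universal magic.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}


def build_sample_zip() -> bytes:
    """Constructed sample: a .jpg next to an .app bundle, shaped like the lure
    the article describes. File contents are dummy bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0 dummy jpeg bytes")
        info = zipfile.ZipInfo("matiriyal.app/Contents/MacOS/matiriyal")
        # The Unix mode lives in the top 16 bits of external_attr; mark executable.
        info.external_attr = (stat.S_IFREG | 0o755) << 16
        zf.writestr(info, b"\xcf\xfa\xed\xfe dummy mach-o bytes")
        zf.writestr("matiriyal.app/Contents/Info.plist", b"<plist/>")
    return buf.getvalue()


def unix_mode(info: zipfile.ZipInfo) -> int:
    """Recover the Unix permission bits stored by Mac/Unix zip tools."""
    return (info.external_attr >> 16) & 0xFFFF


def find_bundled_executables(zip_bytes: bytes) -> list:
    """Return [(entry_name, [reasons])] for entries that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            name = info.filename
            # Standard bundle layout: <Name>.app/Contents/MacOS/<binary>
            if ".app/" in name and "/Contents/MacOS/" in name:
                reasons.append("inside .app bundle executable dir")
            if unix_mode(info) & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                reasons.append("unix executable bit set")
            # Only the first four bytes are read; nothing is executed.
            with zf.open(info) as fh:
                if fh.read(4) in MACHO_MAGICS:
                    reasons.append("Mach-O magic")
            if reasons:
                findings.append((name, reasons))
    return findings


def triage_attachment(zip_bytes: bytes) -> dict:
    """Summarise an attachment: executables found, and whether they travel
    alongside an image, the decoy pattern the article describes."""
    executables = find_bundled_executables(zip_bytes)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    has_image = any(n.lower().endswith((".jpg", ".jpeg", ".png")) for n in names)
    return {
        "executables": executables,
        "image_decoy_pattern": has_image and bool(executables),
    }


if __name__ == "__main__":
    result = triage_attachment(build_sample_zip())
    for name, reasons in result["executables"]:
        print(f"{name}: {', '.join(reasons)}")
    print("image + executable decoy pattern:", result["image_decoy_pattern"])
```

The three checks are deliberately independent: an attacker can rename the bundle directory, strip the executable bit, or both, but a Mach-O binary still has to begin with one of the listed magics to run, so the header check catches cases the path and mode checks miss. Reading only the first four bytes keeps the triage safe to run on an untrusted archive.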
Kaspersky Lab investigated where the new virus originated and discovered that while some of the comments and debug information were written in English, it was clear that English was not the creators' first language.
Kaspersky Lab found common mistakes such as misspellings, and once the Lab had decrypted the file, the command and control server address was discovered to be located in China.
"With Macs growing in popularity and their increased adoption by high profile targets, we expect the number of MacOS X APT attacks will also grow," Raiu said in the blog post.
He goes on to say that the hackers used a combination of tactics in order to spread the malware: "Just like with PC malware, a combination of exploits and social engineering tricks are generally the most effective; it won't be surprising to see a spike in such attacks soon."
As well as the Mac OS X version of this new APT, AlienVault has discovered a Windows variant of the threat, which also uses an email with a .zip file attached.