
Mac malware originated in Iran, say researchers

A piece of malware, believed to have originated in Iran, was detected on the Apple computers of a phony website masquerading as the U.S. aerospace firm United Technologies, as well as that of a human rights advocate.

The Mac-based malware could be an attempt by Iranian hackers to target the U.S. defense industry, according to Claudio Guarnieri and Collin Anderson, researchers involved in investigating Iranian cyberespionage threats. The code was sloppily written, they said, so the potential damage is likely minimal.

But circumstantial technical evidence – namely, the command-and-control data, strings in the code and the manner in which it was distributed – led the pair to believe the malware, dubbed MacDownloader, was coded by a hacker group known as Charming Kitten, which the pair connected to Iranian security companies.

"While this agent [malware] is neither sophisticated nor full-featured, its sudden appearance is concerning given the popularity of Apple computers with certain communities and inaccurate perceptions about the security of those devices," they said.

Despite the typos and grammatical errors in the code, the researchers' malware analysis, posted earlier this month, said the malware had escaped detection by AV scanners.
