MacDownloader was coded by a hacker group believed connected to Iranian security companies.
MacDownloader was coded by a hacker group believed connected to Iranian security companies.

A piece of malware, believed to have originated in Iran, was detected on the Apple computers of a phony website masquerading as the U.S. aerospace firm United Technologies, as well as that of a human rights advocate.

The Mac-based malware could be an attempt by Iranian hackers to target the U.S. defense industry, according to Claudio Guarnieri and Collin Anderson, researchers involved in investigating Iranian cyberespionage threats. The code was sloppily written, they said, so the potential damage is likely minimal.

But, circumstantial technical evidence – namely, the command-and-control data, strings in the code and the manner in which it was distributed – led the pair to believe the malware, dubbed MacDownloader, was coded by a hacker group known as Charming Kitten, which the pair connected to Iranian security companies.

"While this agent [malware] is neither sophisticated nor full-featured, its sudden appearance is concerning given the popularity of Apple computers with certain communities and inaccurate perceptions about the security of those devices," they said.

Despite the typos and grammatical errors in the coding, the researchers' malware analysis, posted earlier this month, said the malware had escaped detection by AV scanners.