Criminals have discovered a flaw in the Mac operating system, OS X, and have turned it into an opportunity to hack into more than 17,000 Apple computers worldwide.
The flaw was first discovered by Russian security company Dr. Web last month.
The site posted: "Doctor Web's security experts researched several new threats to Mac OS X. One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm."
The same report said that a recent statistical analysis revealed that there are more than 17,000 IP addresses associated with infected Macs.
When a Mac is infected with the iWorm, hackers can issue commands that enable the program to carry out a wide range of instructions.
Dr. Web said that hackers were able to develop the malware using C++ and Lua.
"It should be noted that the backdoor makes extensive use of encryption in in its routines. During the installation, it is extracted into the /Library/Application Support/JavaW, where the dropper generates a p-list file launching the backdoor automatically," the site explained.
In a report by Yahoo! Finance, the iWorm apparently uses Reddit's search functions to find instructions from hackers in a Minecraft discussion section of the site.
Minecraft is a game about breaking and placing blocks. The video game was independently published by Mojang and Microsoft acquired it in September for $2.5 billion.
Apple Insider reports that "After iWorm installs in the Mac, it creates an operating file, opens a port to request list of control servers and connects, awaiting further instructions."
The malware uses Reddit.com's search service to access the botnet server list found in the "minecraftserverlists" post, confirms Apple Insider.
Apple Insider said that the Reddit string has since been shut down, but experts believe that iWorm creators are likely to set up another server list in a different search service.
Once connected, hackers can send commands to their "botnet" of infected Macs. Botnets are commonly used to send spam emails, mine Bitcoin, or flood websites with traffic that eventually crashes them, cites the Yahoo! Finance report.
Macs infected with iWorm can be directed to gather and send confidential user information, set certain parameters in configuration files, perform GET queries, be put into sleep, ban nodes, and perform nested Lua scripts, among a host of other backdoor operations, notes Apple Insider.
At the moment, virus experts observe that hackers are still not using the infected computers for any attack so it is likely that they are just building their networks for the time being.
As of September 26, 2014, Dr. Web indicated that the number of Macs that is believed to have already been infected by the iWorm virus is 17,658, 4,610 of them in the U.S.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
