Monday, 13 February 2017

BrandedLogoDesigns Report: Iranian malware attacks Windows and Mac PCs


With a simple trick, the MacDownloader accesses passwords. The malware is aimed at employees of US armaments companies and human rights activists.

Disguised as an Adobe Flash installer and BitDefender adware removal tool, the MacDownloader malware attempts to pass passwords to its creators. This is what the two security researchers Claudio Guarnieri and Collin Anderson write in a report.

After installation, the MacDownloader tries to get the victim's passwords using a fake system dialog, and then forwards the Apple keychain to the attackers. The attackers are said to come from Iran, according to the security researchers.

The two researchers describe the malware as the "first attempt of an amateur developer", because the MacDownloader was sloppily programmed and its system dialogs are full of spelling errors. The malicious software is nevertheless dangerous: according to computerworld.com, the virus database VirusTotal did not recognize the MacDownloader.

Armaments companies and human rights activists

Guarnieri and Anderson explain that the malware appeared on a fake website of the American aviation company United Technologies. The site was used in a spear-phishing attack via email to spread Windows malware. Meanwhile, the malware also attacks Mac computers.

The main targets at first were US armaments companies such as Lockheed Martin and Boeing, who were lured into the trap on the fake website with free courses and programs. Later, according to the security researchers, the malware had also targeted human rights activists. These, especially in Iran, are becoming more and more reliant on Apple products for security and stability reasons, and may therefore be better protected against malware.
