Newly Discovered Mac Trojan Exploits Same Java Vulnerability found in Flashback
New malware dubbed “Dockster” that takes advantage of a well-documented Java vulnerability has been found on a website dedicated to the Dalai Lama. The Trojan has been able to install itself on a Mac user’s computer to capture keystrokes and other sensitive data. At the time of its discovery (on November 30), the code’s creators were testing whether it would be detected, but as of this writing, the malicious code is now “in the wild.”
As mentioned in a previous report from F-Secure
, Dockster leverages the same Java vulnerability to drop the backdoor onto a Mac, which then executes code to create an agent that feeds keylogs and other sensitive information to an off-site server. In the case of Flashback, which was discovered by Intego
, a reported 600,000 Macs were affected before both Apple and Oracle ended up releasing a Java patch to remove the malware and protect against future attacks.
The new Dockster seems to take advantage of an already fixed weakness; users who haven’t yet updated their Macs or are running older software may still be at risk. We’ll have to see what Apple and Oracle end up doing to remedy the situation; in the meantime, we'd suggest practicing safe browsing.