
New Mac botnet malware uses Reddit to find out what servers to connect to


Mac users should beware of new malware that is spreading and tries to enlist infected machines in a botnet for future exploitation. As detected by Dr.Web, the malicious worm (dubbed Mac.BackDoor.iWorm) first checks whether any interfering applications are installed on the Mac.

If the Mac is clear, the worm calls out to Reddit posts to find the IP addresses of possible servers to call back to. Although these posts have been deleted, it’s not hard for the people behind the exploit to repost them at a later time. Once connected to the botnet, the infected Mac can be instructed to perform almost any task the hackers want, such as redirecting browsing traffic to potentially steal account credentials.

Dr.Web estimates over 15,000 distinct IP addresses have been connected to the botnet already. Although 15,000 IPs does not directly translate into 15,000 separate infected users, it is indicative of a rather large base for a Mac worm.

Unfortunately, the security analysts fail to mention (or simply don’t know) how the virus is spreading onto users’ Macs. Hopefully, this information comes to light soon so Mac users know what to look out for. Once it is identified, Apple can add the virus to its security blacklists (which are refreshed nightly) to give some automatic protection to its user base.


Comments

  1. Michael Superczynski - 9 years ago

    My bet is on social engineering.

  2. aeronperyton - 9 years ago

    You used the words malware, virus, and worm to describe the same thing. Which one is it? (hint: you can eliminate one of those choices right off the bat)

Author

Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac.