Mac users should beware of some new malware spreading, that tries to connect infected machines with a botnet for future exploitation. As detected by Dr Web, the malicious worm (dubbed Mac.BackDoor.iWorm) first checks whether any interfering applications are installed on the Mac.
If it is clear, it calls out to Reddit posts to find the IP addresses of possible servers to callback too. Although these posts have been deleted, it’s not hard for the people behind the exploit to repost them at a later time. Once connected to the botnet, the infected Mac can be literally instructed to perform almost any task the hackers want, such as redirect browsing traffic to potentially steal account credentials for instance.
Try Amazon Prime 30-Day Free Trial
Dr.Web estimates over 15,000 distinct IP addresses have been connected to the botnet already. Although 15,000 IPs does not directly translate into 15,000 separate infected users, it is indicative of a rather large base for a Mac worm.
Unfortunately, the security analysts fail to mention (or simply don’t know) how the virus is spreading into users’ Macs. Hopefully, this information comes to light soon so Mac users can know what to look out for. Once identified, Apple can add the virus to its security blacklists (which are refreshed nightly) to give some automatic protection to its user base.