thn | Mohit Kumar | THN:74600659E59FBC081B6540EF1DCE11D3
Dec 05, 2012 - 3:48 a.m.

New Mac Malware 'Dockster' Found on Dalai Lama site

thehackernews.com

EPSS: 0.973 (High), percentile 99.9%

A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability, CVE-2012-0507. The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and, once installed, can collect user keystrokes and other personal information.

**Mac in Danger?** Earlier this spring, a Russian security firm discovered a trojan that took advantage of a Java vulnerability on many computers, Macs and PCs alike. This trojan, known as “Flashback,” was used to enlist some 600,000 infected computers into a botnet.

The malware also provides an interface that allows attackers to download and execute additional malware. Dockster has been found to use the same exploit code as the previous SabPab virus to gain access through a backdoor. Dockster is also said to launch an agent called mac.dockset.deman, which restarts each time a user logs in to their Mac.
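A defender can check for the login-time agent named above by inspecting launchd job definitions. The following is an added example, not code from the article or from any vendor: it assumes the agent is registered as a launchd property list in a LaunchAgents directory (the article gives only the agent name), and the sample plists and the `/PLACEHOLDER/payload` path are constructed.

```python
import plistlib
import sys
from pathlib import Path

INDICATOR = "mac.dockset.deman"  # agent name as reported in the article

def scan_launch_agents(directory, indicator=INDICATOR):
    """Flag launchd plists whose file name or Label contains the indicator."""
    needle = indicator.lower()
    findings = []
    for path in sorted(Path(directory).expanduser().glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)  # reads XML and binary plists
        except Exception:
            job = {}  # unreadable or corrupt: fall back to the file name only
        if not isinstance(job, dict):
            job = {}
        label = str(job.get("Label", ""))
        if needle in label.lower() or needle in path.name.lower():
            findings.append({
                "plist": path.name,
                "label": label,
                "program": job.get("Program") or job.get("ProgramArguments"),
                "run_at_load": bool(job.get("RunAtLoad", False)),
            })
    return findings

def write_constructed_samples(directory):
    """Write constructed test plists (not real samples) into directory."""
    samples = {
        "com.example.updater.plist": (
            {"Label": "com.example.updater", "RunAtLoad": True,
             "ProgramArguments": ["/usr/bin/true"]}, plistlib.FMT_XML),
        # File name gives nothing away; only the Label matches (binary plist).
        "com.example.helper.plist": (
            {"Label": "mac.Dockset.deman", "RunAtLoad": True,
             "ProgramArguments": ["/PLACEHOLDER/payload"]}, plistlib.FMT_BINARY),
    }
    for name, (job, fmt) in samples.items():
        with open(Path(directory) / name, "wb") as fh:
            plistlib.dump(job, fh, fmt=fmt)

if __name__ == "__main__":
    # Default to the per-user LaunchAgents folder; pass another directory to scan it.
    target = sys.argv[1] if len(sys.argv) > 1 else "~/Library/LaunchAgents"
    for hit in scan_launch_agents(target):
        print(hit)
```

Matching on the `Label` key as well as the file name catches a job whose plist has been renamed, and the comparison is case-insensitive because reports differ on the capitalization of the agent name.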

Dockster is only the latest Mac-based threat to hit organizations and people sympathetic to Tibet’s conflict with the Chinese government.

In April, another piece of malware, known as “Backdoor.OSX.SabPub” or “SabPub,” was found being distributed through Microsoft Office files sent to those who may sympathize with Tibet. The attackers behind SabPub used a technique known as “Spear-Phishing,” a practice used to target smaller groups of people as opposed to sending out mass emails in hopes that someone will click a link.

In September, security firm AlienVault said it had discovered the creator of the PlugX Remote Access Tool (RAT), which had been used by hackers from various countries to target Tibet. The creator hailed from China.