Sabpab, new Mac OS X backdoor Trojan horse discovered

More malware for the Mac OS X platform has been discovered, hot on the heels of the revelation that some 600,000 Macs had been infected in the Flashback attack.

And just like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac.

The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet.

The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

The Trojan creates the following files:

/Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile
/Users/<user>/Library/LaunchAgents/com.apple.PubSabAGent.plist
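
As an added example (not part of the original article and not a Sophos tool), the shell function below checks every home directory for the two file names listed above. Names are compared case-insensitively because the article spells them with different capitalisation; the function name scan_sabpab and the --scan argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: look for the two files the article says Sabpab creates.
# The expected names are lower-cased here and compared case-insensitively.

# scan_sabpab [USERS_ROOT]
# Prints "FOUND <path>" for each match. Returns 0 if anything was found,
# 1 if nothing was found. USERS_ROOT defaults to /Users.
scan_sabpab() {
    users_root=${1:-/Users}
    found=1
    for home in "$users_root"/*; do
        [ -d "$home" ] || continue
        # Each entry is "<directory under the home folder>:<file name>".
        for pair in \
            "Library/Preferences:com.apple.pubsabagent.pfile" \
            "Library/LaunchAgents:com.apple.pubsabagent.plist"
        do
            dir="$home/${pair%%:*}"
            want=${pair#*:}
            [ -d "$dir" ] || continue
            for f in "$dir"/*; do
                [ -e "$f" ] || continue   # empty directory: glob did not expand
                name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
                if [ "$name" = "$want" ]; then
                    printf 'FOUND %s\n' "$f"
                    found=0
                fi
            done
        done
    done
    return "$found"
}

# Run the scan only when asked to, e.g.  sh thisfile --scan [/Users]
if [ "${1:-}" = "--scan" ]; then
    scan_sabpab "${2:-/Users}"
fi
```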

Encrypted logs are sent back to the control server, so the hackers can monitor activity.

The potential for abuse of compromised Macs should be obvious, given the Trojan’s functionality.

The Sabpab Trojan is not believed to be anything like as widespread as Flashback, but still underlines the importance of protecting Macs against malware with an up-to-date anti-virus program and security updates.

It’s time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer.

Sophos products, including our free Mac anti-virus for home users, detect the Trojan horse as OSX/Sabpab-A.

Of course, those users who had already protected their computers with Sophos products were already defended against the Java vulnerability.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.