Apple updates XProtect to kill iWorm botnet threat

Apple has released an update for its XProtect anti-malware system that makes it detect three different versions of the iWorm OS X backdoor malware discovered last week by AV specialists from Dr. Web.

The malware ropes infected machines into a “currently dormant” botnet, and obtained the IP addresses of the C&C servers it was meant to report to from Reddit posts. Among its many capabilities are downloading additional (malicious) files and executing system instructions.

The researchers haven’t been able to discover how the malware spreads, but said that it’s definitely not self-replicating.

A few days later, Thomas Reed at The Safe Mac was tipped off by an anonymous source that the malware is spread via installers that come with pirated versions of popular apps being offered on Pirate Bay.

Apparently, the installers requested – and were granted – administrator privileges.

He checked out the claim, found it to be true, and submitted this tip and his findings to Apple’s product security team.

Apple released an XProtect update dealing with the issue on Saturday, and it contains definitions for three different variants of the malware.

Users don’t have to worry about implementing the updates, as their computers check for XProtect updates on a daily basis and implement them automatically.