A new malware targeting Macs has been discovered: the Mokes backdoor.
Capable of taking screenshots, recording keystrokes, capturing audio, and rifling through Office documents and removable storage devices, Mokes (aka Ekoms) can also be made to execute arbitrary commands on the system.
Mokes’ existence doesn’t come wholly as a surprise: it was preceded earlier this year by a Linux and a Windows version, and it is written in C++ using Qt, a cross-platform application framework.
The Mac version of the backdoor is the most capable of the three.
Aside from the aforementioned capabilities, it copies itself into various folders associated with widely used software such as Skype, Chrome, and Firefox, and uses a plist file to achieve persistence on the system.
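The persistence and self-copying behaviour above is something a defender can hunt for without knowing the exact sample: launchd property lists whose program lives under a user-writable application-data folder (Application Support paths named after Skype, Chrome, Firefox and the like) and that are set to start at login and be kept alive. The following script is an added example, not Kaspersky's code or any published indicator; the two embedded plists are constructed, and the list of "mimicked" application folder names and the scoring rule are assumptions chosen for illustration.

```python
"""Triage launchd plists for persistence entries that point into
application-data folders (constructed example, not from the article)."""
import plistlib
from pathlib import Path, PurePosixPath

# Constructed LaunchAgent resembling the pattern described in the article:
# the program is a copy dropped into a Skype-related Application Support folder.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.updater</string>
    <key>ProgramArguments</key>
    <array><string>/Users/alice/Library/Application Support/Skype/skype</string></array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Constructed benign LaunchAgent: a normally installed helper binary.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.backup</string>
    <key>ProgramArguments</key>
    <array><string>/usr/local/bin/backup-agent</string><string>--daemon</string></array>
    <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

# Assumed list of well-known application folder names that a dropped copy may
# hide under; extend for your environment.
MIMICKED_APP_FOLDERS = {"Skype", "Google", "Chrome", "Firefox", "Mozilla", "Dropbox"}


def extract_program(item):
    """Return the executable a launchd item runs (Program wins over ProgramArguments)."""
    if item.get("Program"):
        return item["Program"]
    args = item.get("ProgramArguments") or []
    return args[0] if args else None


def assess_launch_item(raw_plist):
    """Parse one plist and list the traits that make it worth a closer look."""
    item = plistlib.loads(raw_plist)
    program = extract_program(item)
    findings = []
    if program is None:
        findings.append("no program specified")
    else:
        parts = PurePosixPath(program).parts
        if "Library" in parts and "Application Support" in parts:
            findings.append("program lives under Application Support (data, not binaries)")
        if MIMICKED_APP_FOLDERS.intersection(parts):
            findings.append("path imitates a well-known application's folder")
    if item.get("RunAtLoad") and item.get("KeepAlive"):
        findings.append("starts at login and is kept alive")
    return {
        "label": item.get("Label"),
        "program": program,
        "findings": findings,
        # Assumed rule: two or more traits together warrant manual review.
        "suspicious": len(findings) >= 2,
    }


def scan_launch_dirs():
    """Assess every plist in the standard launchd locations; missing dirs are skipped."""
    dirs = [Path.home() / "Library/LaunchAgents",
            Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]
    results = []
    for d in dirs:
        for p in sorted(d.glob("*.plist")) if d.is_dir() else []:
            try:
                results.append((str(p), assess_launch_item(p.read_bytes())))
            except Exception as exc:  # unreadable or non-plist file
                results.append((str(p), {"error": str(exc)}))
    return results


if __name__ == "__main__":
    for raw in (SUSPICIOUS_PLIST, BENIGN_PLIST):
        print(assess_launch_item(raw))
    for path, verdict in scan_launch_dirs():
        print(path, verdict)
```

Run it on a Mac to review the real launchd directories; on any other system it only evaluates the two embedded samples. The path heuristics are deliberately coarse, so treat a "suspicious" verdict as a prompt to inspect the binary and its hash, not as a detection by itself.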
The backdoor’s communication with its C&C server is encrypted using AES-256-CBC. If the C&C server is unavailable, it temporarily stores the collected data on the compromised system.
“The attacker controlling the C&C server is also able to define own file filters to enhance the monitoring of the file system as well as executing arbitrary commands on the system,” says Kaspersky Lab researcher Stefan Ortloff.
Unfortunately, there is still no word on how the malware is delivered or pushed onto users, but if you want to check whether you might have been infected, Kaspersky has detailed indicators of compromise you can look for.
Mac backdoors have become quite popular lately. Bitdefender researchers discovered the Eleanor backdoor in early July, and a few days later ESET researchers revealed the existence of Keydnap, a spying, keychain-stealing, malware-downloading backdoor.