Uighur Activists Targeted with Mac Trojan

| News

A new trojan malware threat for the Mac has surfaced the Turkic Uighur population in China. The malware masquerades as a JPG image, but also includes a hidden payload that lets attackers view files on the victim’s computers as well as issue remote commands.

New trojan targets Uighur Mac usersNew trojan targets Uighur Mac users

The Uighur Mac users targeted by the trojan, which is a variation on MaControl malware, were part of an Advanced Persisten Threat campaign, according to the security firm Kapersky. The malware payload is being distributed as an email attachment that, when opened, installs a backdoor giving attackers access to the victim’s Mac.

“The backdoor allows its operator to list files, transfer files and generally run commands on the infected Mac computer at will,” Kapersky researchers said. “During the analysis of the malware, Kaspersky Lab identified its C&C server, which is located in China.”

A similar attack targeted Tibetan activists earlier this year, and apparently the new MaControl variant has been in the wild for weeks.

As always, avoid websites you aren’t certain you can trust, and don’t open email attachments that come from people and organizations you don’t recognize.

Popular TMO Stories


Lee Dronick

Just opening the attachment installs the trojan, no admin password required?

Kind of important

Since it’s masquerading as an image, it may have some ability to install itself as the image is processed, via an overflow.  So, this is why you should not preview email or browse to unknown pages on unknown sites, or follow just any link in just any email or web page. 

Usually this sort of thing is fixed quite quickly with an update from Apple, but not always.


Lee D said

Just opening the attachment installs the trojan, no admin password required?

I, too, would like to know how this is done.


Installing an admin-level app from a JPEG is a HUGE security threat.

If it was a .app or .dmg where the user was dumb enough to install the app in order to view a simple JPEG, that’s a classic Trojan. (Generally there’s little we can do about that aside from user education, but Apple is trying to fix this with it’s new Gatekeeper feature.)

I definitely want to know which one it was.

Lee Dronick

according to many other websites who have reported on this?
?As with previous anti-activist attacks with a Chinese connection, there is nothing unusual about the mechanics of the attack, which arrives in inboxes as a zip attachment containing an image and an application?.
Launching the app opens the infected machine to information theft and remote control; the standard gamut of APT malware in other words.?

So, the users of 10.6+ were warned by their system about ?downloaded from internet? and had to install the app and give their admin password.
  Thanks for reporting this though!  I always depend on Mac Observer for the latest actual news.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account