Criminals have discovered a flaw in OS X, the Mac operating system, and are using it to control thousands of Apple computers around the world.
Russian security company Dr. Web first discovered the software, known as “Mac.BackDoor.iWorm.” We don’t yet know how the software spreads, but Dr. Web has released information on the clever way it connects to the criminals who control the program.
When a Mac is infected with Mac.BackDoor.iWorm, the program tries to make a connection to a command server. The iWorm reportedly uses Reddit’s search function to find comments left by the criminals in a Minecraft discussion section of the site. (Minecraft is the block-building game published by independent publisher Mojang, which Microsoft purchased for $US2.5 billion in September.)
[Screenshot: the Reddit posts the criminals used to control their hacked computers]
After iWorm finds the Reddit comments, it attempts to connect to the server addresses listed in the Minecraft subreddit. Once connected, criminals can send commands to their “botnet” of infected computers. Botnets are often used to send spam emails, mine Bitcoin, or flood websites with traffic that eventually crashes them.
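The lookup pattern described above (a Reddit search followed by connections to the listed server addresses) can be hunted for in proxy or flow logs. The following is an added example, not code from Dr. Web or the original article. The log format, the 60-second window, the host names and the assumption that the listed servers appear as raw IP addresses are all constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample log: epoch seconds, source host, destination, port, URL path.
# Addresses come from documentation ranges; none are real indicators.
SAMPLE_LOG = """\
1411700000,mac-017,www.reddit.com,443,/search?q=constructed-token
1411700004,mac-017,203.0.113.45,1024,-
1411700005,mac-017,198.51.100.7,8080,-
1411700100,mac-022,www.reddit.com,443,/r/minecraft/
1411700110,mac-022,www.apple.com,443,/
1411700200,mac-031,203.0.113.45,1024,-
1411703000,mac-017,192.0.2.99,443,-
"""

WINDOW = 60  # assumed correlation window, in seconds


def is_ip_literal(dest):
    """True when the destination is a bare IP address rather than a hostname."""
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False


def is_reddit_search(dest, path):
    """True for a request to Reddit's search endpoint (any reddit.com host)."""
    host = dest.lower()
    on_reddit = host == "reddit.com" or host.endswith(".reddit.com")
    return on_reddit and path.startswith("/search")


def find_dead_drop_lookups(log_text, window=WINDOW):
    """Return (src, ip, port, seconds_after_search) for raw-IP connections
    a host made within `window` seconds of querying Reddit search."""
    last_search = {}  # source host -> time of its most recent Reddit search
    hits = []
    rows = (r for r in csv.reader(io.StringIO(log_text)) if r)
    for ts, src, dest, port, path in sorted(rows, key=lambda r: int(r[0])):
        ts = int(ts)
        if is_reddit_search(dest, path):
            last_search[src] = ts
        elif is_ip_literal(dest) and src in last_search:
            delta = ts - last_search[src]
            if delta <= window:
                hits.append((src, dest, int(port), delta))
    return hits


if __name__ == "__main__":
    for hit in find_dead_drop_lookups(SAMPLE_LOG):
        print("suspicious: %s -> %s:%d (%ds after Reddit search)" % hit)
```

This is a triage heuristic: ordinary browsing also produces Reddit searches, so a hit is a reason to inspect the host, not proof of infection.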
It doesn’t seem like the infected computers are currently being used for any attack, so the criminals behind iWorm are likely only growing the network for now.
Dr. Web has published the number of computers that it believes have been affected by iWorm. As of September 26, 17,658 infected Mac computers have been discovered, with 4,610 of them in the US.