We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Chinese Trojan targets Mac-using Uighur activists

Another suspected Chinese attack

Political activists with an interest in Chinese affairs are being targeted once again by a new backdoor Trojan campaign that almost certainly originates in the country, security companies have reported.

Based on the established MaControl (or MacControl) APT, the targets of the backdoor this time are Uighur activists running Windows and, interestingly, both Intel and old PowerPC-based Apple Macs.

As with previous anti-activist attacks with a Chinese connection, there is nothing unusual about the mechanics of the attack, which arrives in inboxes as a zip attachment containing an image and an application.

Launching the app opens the infected machine to information theft and remote control; the standard gamut of APT malware in other words.

Beyond the fact that Uighur politics (a restive ethnic minority in China's north-west) is of interest to Chinese organisations, the command and control servers are registered inside the country, but there is more; whomever wrote or adapted the malware code added debug in English that included the sort of spelling errors a non-native speaker might make.

"With Macs growing in popularity and their increased adoption by high profile targets, we expect the number of MacOS X APT attacks will also grow," noted Kaspersky Lab researcher, Costin Raiu, before adding that the Dalai Lama himself - a major target for Chinese nationalists - has recently been spotted using a Mac.

Security firm AlienVault has reported a separate version of the campaign that uses the well-known Gh0st RAT to hit PC users. In March, this was seen in an attack on pro-Tibetan sympathisers that bears some comparisons with the new attack. By May, Gh0st RAT was even being served from the Amnesty International UK website.


IDG UK Sites

Windows 9 release date, price, features: Windows 9 beta leaked ahead of 30 September unveiling

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

The Samsung Gear VR is better than the Oculus Rift (kinda)

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: How to buy an iPhone 6 today