A new threat for the macOS system spreads disguised as WhatsApp

May 14, 2019

Doctor Web’s researchers have found unique malware for the macOS operating system. It allows attackers to download and execute malicious Python code on the victim’s device. Additionally, the websites that spread the malware also infect their visitors with a Windows spyware trojan.

Our researchers discovered the new threat on April 29. The malware was named Mac.BackDoor.Siggen.20 and turned out to be a backdoor that allows hackers to download malicious code from a remote server and execute it.

Mac.BackDoor.Siggen.20 gets on victims’ devices via websites controlled by its developers. One of the resources is disguised as a personal website with a nonexistent person’s portfolio. The other is disguised as the WhatsApp messenger official website.

When users open one of those websites, the embedded code detects the visitor’s operating system and, depending on the result, delivers either the backdoor or a trojan. If a visitor uses macOS, their device gets infected with Mac.BackDoor.Siggen.20, while BackDoor.Wirenet.517 is downloaded to Windows devices. The latter is a well-known RAT trojan used by hackers to control a victim’s PC remotely. It has several malicious functions, including using the camera and microphone on the victim’s device. Additionally, the RAT trojan has a valid digital signature.

According to our information, the website spreading Mac.BackDoor.Siggen.20 under the guise of the WhatsApp messenger was visited by about 300 visitors with unique IP addresses. The malicious resource has been active since March 24, 2019 and has not yet been used by hackers for large-scale campaigns. Nevertheless, Doctor Web’s researchers recommend staying cautious and keeping the anti-virus updated. At the moment, only Dr.Web anti-virus successfully detects all Mac.BackDoor.Siggen.20 components.
