Another Mac OS X Trojan has been spotted in the wild.
The Backdoor.OSX.SabPub.a (SabPub) Trojan was found by Kaspersky Lab’s Costin Raiu and, like the recent Flashback Trojan, the new malware spreads by exploiting Java weaknesses as well as through Word documents. SabPub is believed to be related to a Windows-based APT (advanced persistent threat) from 2011 called LuckyCat which, once installed, contacts a remote website for orders.
Raiu has said that at present there are at least two variants of the Trojan, the earliest version of which seems to have been created in February this year. The APT is currently active and the command and control server that the malicious software contacts was active until very recently.
Raiu says that, based on the analysis of the APT in action, it is very likely that SabPub is operated manually.