Malware researchers have recently discovered a new Mac malware variant called Komplex Trojan. This piece of malware is reportedly related to a cyber espionage gang known as Sofacy Group, which targets security, military and government organizations. The Trojan was detected by Palo Alto Networks, which reports that the gang has released three different versions of it. One version can affect x64 architectures, another can hit x86 architectures, and the third can affect both. Reportedly, this malware variant exploits vulnerabilities in the MacKeeper application to get into the target system. It then saves a PDF file on the compromised Mac, which acts as a decoy. The file is called roskosmos_2015-2025.pdf, and the malware automatically opens it in the Preview app. The document contains information about the Russian Federal Space Program's projects between 2016 and 2025. Considering the contents of this document, it is believed that this Trojan targets people associated with the aerospace industry.
This malware variant might surprise Mac users with its rich set of features. It allows its operators to add files to or remove files from the system, launch them, execute other commands, or gather private information. Collected information is sent to the attackers' command and control server. However, this can happen only when the infected computer is connected to the Internet.
Although this Trojan is unlikely to target home users, such attacks demonstrate that cyber criminals are becoming more and more advanced and can launch multi-platform attacks against both Windows and Mac users. Our task is to spread knowledge and warn computer users that taking security measures is a matter of utmost importance nowadays. Tips provided in this post by 2-Spyware researchers can help both Mac and Windows users to prevent malware attacks.