Careto Malware Unmasked
Posted by Derek Erwin
News of the new Careto malware has been making the rounds this week after over 1,000 victims in 31 countries were reportedly infected, on Mac, Windows or Linux computers. The malware has been inactive since its discovery by malware researchers, but its attacks could restart at any time, says Gizmodo.
Intego’s Mac anti-virus software, VirusBarrier, with up-to-date malware definitions offers protection against Careto and all other known Mac malware.
Relying on phishing emails to infect computers, the Careto malware is able to log network traffic, record keystrokes and spy on Skype conversations, and it specifically searches for encryption keys, SSH keys or VPN settings to report back to its command and control servers.
Observed attacks used multiple vectors, according to security researchers. These include at least one Adobe Flash Player exploit (CVE-2012-0773) and social engineering that coerces users into downloading and executing a JavaUpdate.jar file or installing a Chrome browser plugin. Other exploits may exist as well.
It is not yet known who is responsible for Careto. Its high level of operational security and complexity has led researchers to believe that Careto might be state-sponsored. Intego may provide updates if more information becomes available.
photo credit: titoalfredo via photopin, CC BY-NC-SA 2.0