Mac Users Need Not Worry About Regin Malware

Posted on November 25th, 2014 by

Regin Trojan horse malware

Security researchers have issued an alert this week upon the discovery of a major backdoor in Windows platforms, a threat currently classified as very low. The threat, called “Regin,” is a Trojan horse that opens a backdoor and steals information from the compromised computer, according to Symantec.

Systems affected by Regin malware—as detected for now—are: Windows 2000, Windows 7, Windows NT, Windows Vista, and Windows XP.

PCWorld’s Nancy Weil reported that the multistage loading aspect of Regin is comparable to Duqu/Stuxnet malware, which are related to a surge in politically motivated malware attacks, and that it likely took months—if not years—for its creators to develop.

Regin also takes a modular approach, so that custom features of it are specific to its targets—an approach used with other advanced malware families, including Flamer and Weevil. […] Researchers have identified dozens of payloads, with some specific and advanced payload modules found, including a Microsoft IIS Web server traffic monitor and a traffic sniffer aimed at mobile telephone base-station controllers.

The long and short of it is, Regin looks like a variant (or maybe the father of) various Windows malware that has cropped up over the years. [tweetable hashtag=”#Regin #Mac”]For Mac users, the most salient takeaway is this: Regin malware is not something we have to worry about.[/tweetable]

Apple has put more safety measures in place (like requiring kexts to be code signed, and requiring special permissions to code sign kexts, and not allowing code signed kexts to be distributed through the App Store), so the chances of this type of attack affecting the Mac OS X platform decrease with every major operating system release.

Nonetheless, if this threat finds its way on to your Mac, you don’t want to inadvertently forward the malicious file to Windows users. Intego VirusBarrier with up-to-date virus definitions detects and eradicates this malware as W32/Regin.