New Tibet Variant Found

There is currently a new variant of the Tibet family of malware making the rounds. This is an attack that targets Uyghur Mac users.

The attack arrives in an email with a zip file called “” that contains an image file and an OS X application file. The application is a new variant of the Tibet family of malware, which creates a backdoor that allows a remote attacker to view and access files on the computer as well as run commands.

The previous variant, Tibet.C, used an already-patched MS Office exploit, which was detected by Intego as W97/CodeExec.gen. The latest variant does not contain an exploit, but relies on the user’s curiosity to make them choose to run the file.

If the application is run, no user interaction is required. It will be installed without requesting a password.

Intego VirusBarrier X6 with current malware definitions protects against this malware as OSX/Tibet.C. While this malware is being found in the wild, the threat is currently low.