OSX/Dockster Found on Tibetan Website

Posted on by

OSX/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the wild, on a website dedicated to the Dalai Lama that has been compromised to deliver the same exploit code as used by SabPab to push Dockster. (This Java vulnerability was also the same one used by Flashback.) The exploit code is currently detected by VirusBarrier as OSX/SabPab, and up-to-date versions of Java have fixed this vulnerability.

Dockster is a very basic Backdoor trojan that provides a remote connection to an attacker, along with keylogging functionality and the ability to download additional files. The remote address that the backdoor attempts to contact to receive commands is now active. For more information on this threat, please see our previous blog post.

Intego VirusBarrier users with up-to-date virus definitions are protected from this threat, whose components are detected as OSX/SabPab and OSX/Dockster.A.