{"id":7684,"date":"2012-12-03T08:18:27","date_gmt":"2012-12-03T16:18:27","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=7684"},"modified":"2026-07-01T13:58:54","modified_gmt":"2026-07-01T20:58:54","slug":"osxdockster-found-on-tibetan-website","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/","title":{"rendered":"OSX\/Dockster Found on Tibetan Website"},"content":{"rendered":"<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-mac-spyware-discovered-osxdockster-a\/\">OSX\/Dockster<\/a> was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the wild, on a website dedicated to the Dalai Lama that has been compromised to deliver the same exploit code as used by <a href=\"https:\/\/www.intego.com\/mac-security-blog\/sabpab-backdoor-exploits-java-vulnerability\/\">SabPab<\/a> to push Dockster. (This Java vulnerability was also the same one used by Flashback.) The exploit code is currently detected by VirusBarrier as OSX\/SabPab, and up-to-date versions of Java have fixed this vulnerability.<\/p>\n<p>Dockster is a very basic Backdoor trojan that provides a remote connection to an attacker, along with keylogging functionality and the ability to download additional files. The remote address that the backdoor attempts to contact to receive commands is now active. For more information on this threat, please see our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-mac-spyware-discovered-osxdockster-a\/\">previous blog post<\/a>.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/features\/virus-scanner\">Intego VirusBarrier<\/a> users with up-to-date virus definitions are protected from this threat, whose components are detected as OSX\/SabPab and OSX\/Dockster.A.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OSX\/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the wild, on a website dedicated to the Dalai Lama that has been compromised to deliver the same exploit code as used by SabPab to push Dockster. (This [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8763,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[190],"tags":[86,2779,2773],"class_list":["post-7684","post","type-post","status-publish","format-standard","has-post-thumbnail","category-malware","tag-mac-malware","tag-osxdockster","tag-tibetan"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>OSX\/Dockster Found on Tibetan Website - The Mac Security Blog<\/title>\n<meta name=\"description\" content=\"OSX\/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OSX\/Dockster Found on Tibetan Website - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"OSX\/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-12-03T16:18:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-01T20:58:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lysa Myers\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/\"},\"author\":{\"name\":\"Lysa Myers\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"OSX\\\/Dockster Found on Tibetan Website\",\"datePublished\":\"2012-12-03T16:18:27+00:00\",\"dateModified\":\"2026-07-01T20:58:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/\"},\"wordCount\":168,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2012\\\/12\\\/MalwareAlert-intego.jpg\",\"keywords\":[\"Malware\",\"OSX\\\/Dockster\",\"Tibetan\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/\",\"name\":\"OSX\\\/Dockster Found on Tibetan Website - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2012\\\/12\\\/MalwareAlert-intego.jpg\",\"datePublished\":\"2012-12-03T16:18:27+00:00\",\"dateModified\":\"2026-07-01T20:58:54+00:00\",\"description\":\"OSX\\\/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2012\\\/12\\\/MalwareAlert-intego.jpg\",\"contentUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2012\\\/12\\\/MalwareAlert-intego.jpg\",\"width\":\"400\",\"height\":\"260\",\"caption\":\"Malware Alert from Intego\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/osxdockster-found-on-tibetan-website\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OSX\\\/Dockster Found on Tibetan Website\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\",\"name\":\"Intego\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/author\\\/lysam\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OSX\/Dockster Found on Tibetan Website - The Mac Security Blog","description":"OSX\/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/","og_locale":"en_US","og_type":"article","og_title":"OSX\/Dockster Found on Tibetan Website - The Mac Security Blog","og_description":"OSX\/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the","og_url":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/","og_site_name":"The Mac Security Blog","article_published_time":"2012-12-03T16:18:27+00:00","article_modified_time":"2026-07-01T20:58:54+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","type":"image\/jpeg"}],"author":"Lysa Myers","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/"},"author":{"name":"Lysa Myers","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"OSX\/Dockster Found on Tibetan Website","datePublished":"2012-12-03T16:18:27+00:00","dateModified":"2026-07-01T20:58:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/"},"wordCount":168,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","keywords":["Malware","OSX\/Dockster","Tibetan"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/","url":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/","name":"OSX\/Dockster Found on Tibetan Website - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#primaryimage"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","datePublished":"2012-12-03T16:18:27+00:00","dateModified":"2026-07-01T20:58:54+00:00","description":"OSX\/Dockster was discovered on VirusTotal on Friday, possibly as part of a test before pushing it to the public. This malware is now known to be in the","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#primaryimage","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","width":"400","height":"260","caption":"Malware Alert from Intego"},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/osxdockster-found-on-tibetan-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"OSX\/Dockster Found on Tibetan Website"}]},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a244278f35cc41c7ec676b36673dee0464ed8c7ceafb1ff484fdf13a916d126c?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/7684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=7684"}],"version-history":[{"count":12,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/7684\/revisions"}],"predecessor-version":[{"id":105339,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/7684\/revisions\/105339"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8763"}],"wp:attachment":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=7684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=7684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=7684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}