DHARAMSHALA, June 30: Internet security company Kaspersky Labs has intercepted a new variant of the Tibet malware for OS X, distributed as part of a seemingly politically motivated APT (advanced persistent threat) attack.
Cnet.com reported yesterday that the malware is being distributed in e-mails and is contained within a ZIP file called "matiriyal.zip."
“If this file is opened it will reveal an image file and a text file that is a disguised OS X application that if run will install the malware. Once installed, the malware will connect to a command-and-control server based in China, and allow a remote attacker to issue local commands and access files,” the tech media website reported.
The Tibet malware was initially found in March and uses a classic Trojan horse approach, by enticing users to open the file based on curiosity and disguising the malware application as a benign document.
“Unlike some other recent malware attacks on OS X, the Tibet malware appears to be a concentrated political effort from mainland China against Tibetan activist groups, and is not being actively spread to other parts of the world,” cnet.com said.
According to Kaspersky labs, the answer for the unwarranted attention to the relatively smaller market of Mac operating systems by malware developers could lie in the fact that His Holiness the Dalai Lama has on occasions been seen using Mac during online activities.
“Therefore, the Tibet malware may be an attempt to spy and steal information about him and his activities, and those of similar groups that have been at political odds with China,” Kaspersky said.