Hackers affiliated with the Russian government are believed to have hacked the DNC last year with the purpose of influencing the presidential election. Reports last year revealed that the same hackers who pilfered the DNC servers were responsible for a piece of Android malware that turned phones belonging to the Ukrainian army into location trackers that sent information to the Russian military. With that in mind, it shouldn’t be surprising to hear that the same group has also developed a highly sophisticated malware for Macs that can be used to retrieve sensitive information from Apple computers, including iPhone backups.
Called APT28, the Russian hacking group has tools capable of cracking a variety of operating systems, Ars Technica reports, including Android, iOS, Mac, Linux, and Windows.
APT28 consists mostly of Russian-speaking hackers who work during Russian business hours. They have targeted Ukraine, Spain, Russia, Romania, the US, and Canada, Bitdefender explained in a report last year. The security company now says that APT28 created a modular backdoor for Mac called Xagent. The tool can be used to log passwords, capture screenshots, and steal iPhone backups stored on a Mac.
Why would hackers target Apple’s desktop platform rather than going for Windows or Android? Well, keep in mind that APT28 is believed to be acting on behalf of the Russian government, which means it’s not looking to steal data from regular individuals. Instead, the group might be developing tools for all sorts of operating systems, including the ones that are deemed to be more secure than others. And whenever you hear that a certain government or company is switching from Android to iPhone, you should know that hackers are also listening to the same news.
Hacking an iPhone is more difficult than an Android phone, but not impossible. Still, obtaining access to someone’s Mac, which can contain unencrypted iPhone backups, is much easier. On that note, if you’re not encrypting your iPhone backups, you should start doing it, especially if you’ve been given a government-purchased iPhone (or iPad).
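One way to act on that advice is to check which local iPhone backups on a Mac were made without the encryption option. The script below is an added example, not code from the article or from Bitdefender; it assumes the standard iTunes/Finder layout, where each backup lives under ~/Library/Application Support/MobileSync/Backup/<UDID>/ and its Manifest.plist carries an IsEncrypted boolean, and it builds two constructed backups in a temporary folder so it can be exercised offline.

```python
"""Audit local iPhone/iPad backups on a Mac for the encryption flag."""
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Assumed default location of Finder/iTunes backups on macOS.
DEFAULT_BACKUP_ROOT = Path.home() / "Library" / "Application Support" / "MobileSync" / "Backup"


def backup_is_encrypted(backup_dir: Path) -> Optional[bool]:
    """Read IsEncrypted from Manifest.plist; None if the manifest is missing or unreadable."""
    manifest = backup_dir / "Manifest.plist"
    if not manifest.is_file():
        return None
    try:
        with manifest.open("rb") as fh:
            data = plistlib.load(fh)
    except (plistlib.InvalidFileException, OSError):
        return None
    return bool(data.get("IsEncrypted", False))


def audit_backups(root: Path = DEFAULT_BACKUP_ROOT) -> Dict[str, Optional[bool]]:
    """Map each backup folder name (device UDID) to its encryption status."""
    if not root.is_dir():
        return {}
    return {d.name: backup_is_encrypted(d) for d in sorted(root.iterdir()) if d.is_dir()}


def unencrypted_backups(root: Path = DEFAULT_BACKUP_ROOT) -> List[str]:
    """Backups that malware with access to the user's files could read without a password."""
    return [name for name, enc in audit_backups(root).items() if enc is False]


def make_sample_backups() -> Path:
    """Create two constructed backups (one encrypted, one not) in a temp dir for testing."""
    root = Path(tempfile.mkdtemp(prefix="mobilesync-sample-"))
    for udid, encrypted in (("deadbeef-encrypted", True), ("cafebabe-plain", False)):
        d = root / udid
        d.mkdir(parents=True)
        with (d / "Manifest.plist").open("wb") as fh:
            plistlib.dump({"IsEncrypted": encrypted, "Version": "10.0"}, fh)
    return root


if __name__ == "__main__":
    # Run on a real Mac to list the status of every local backup.
    for name, status in audit_backups().items():
        label = "unknown" if status is None else ("encrypted" if status else "NOT encrypted")
        print(f"{name}: {label}")
```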
In other words, this piece of Mac malware might not affect regular Apple computer users, especially after Apple finds ways to prevent it from working, so you shouldn’t freak out about someone stealing all your sexting pics from your Mac. However, if you’re a government employee, you should pay extra close attention to everything you’re doing on your Mac. These hackers still have to trick you into installing the backdoor yourself before they can actually steal any data, but you would be surprised at how often that happens.
Read more about this new macOS threat over at Bitdefender.