New ‘Tibet’ Malware Surfaces for OS X, Could Put Personal Data at Risk

Following significant OS X malware concerns in the past, such as the massive recent Flashback trojan episode, a new piece of OS X malware has been spotted in the wild by Kaspersky Lab. The malware, dubbed Tibet, is distributed through email in a .zip file, and could allow an attacker to remotely take over your Mac and upload your personal information to a remote server.

Cnet reports:

The malware is being distributed in e-mails to certain Uyghur Mac users, and is contained within a ZIP file called “matiriyal.zip.” If this file is opened it will reveal an image file and a text file that is a disguised OS X application that if run will install the malware. Once installed, the malware will connect to a command-and-control server based in China, and allow a remote attacker to issue local commands and access files.

[…]

This latest variant of the malware uses a classic Trojan horse approach, by enticing users to open the file based on curiosity and disguising the malware application as a benign document.

Fortunately, the malware is unlikely to become a major threat for a number of reasons. First, it appears to be targeted specifically at Tibetan activist groups by the Chinese government, and isn’t actively being spread globally. Second, it requires the user to specifically download and execute a program from an email attachment, which many users wouldn’t do anyway – especially if the email isn’t from someone they actually know.

For those concerned about the Tibet malware, the solution is simple: Don’t run programs that you don’t trust or can’t verify, and don’t download email attachments from people you don’t personally know and trust. Of course, that should be common sense…
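One way to check what an attachment contains before opening it, as an added example that is not part of the original article: the script lists a ZIP archive's entries without extracting them and flags application code hiding behind document-like names. The archive it builds (photo.jpg, notes.txt.app) is constructed for illustration and does not reproduce the contents of matiriyal.zip.

```python
import io
import zipfile

# First four bytes of Mach-O and universal ("fat") binaries, in both byte orders.
# cafebabe is shared with Java class files, so treat that hit as a prompt to look closer.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}

def audit_zip(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious entry name to the reasons it was flagged, without extracting."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            # An application bundle keeps its executable under <name>.app/Contents/MacOS/.
            if ".app/contents/macos/" in info.filename.lower():
                reasons.append("executable inside an .app bundle")
            with zf.open(info) as fh:
                if fh.read(4) in MACHO_MAGICS:
                    reasons.append("Mach-O header")
            # Unix permission bits live in the high 16 bits of external_attr.
            if (info.external_attr >> 16) & 0o111:
                reasons.append("executable permission bit set")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed archive: one image plus an app bundle named to look like a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("notes.txt.app/Contents/Info.plist", b"<plist></plist>")
        exe = zipfile.ZipInfo("notes.txt.app/Contents/MacOS/notes")
        exe.external_attr = 0o100755 << 16  # regular file, rwxr-xr-x
        zf.writestr(exe, bytes.fromhex("cffaedfe") + b"\x00" * 28)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in audit_zip(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

To audit a real attachment, pass the file's bytes to `audit_zip`; any flagged entry means the archive carries a program rather than only documents.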

J. Glenn Künzler

Glenn is Managing Editor at MacTrast, and has been using a Mac since he bought his first MacBook Pro in 2006. He lives in a small town in Utah, enjoys bacon more than you can possibly imagine, and is severely addicted to pie.