London, 8 Feb – Security researchers are warning that Iranian hackers may be trying to target the US Defence Department and their industry colleagues, Lockheed Martin, Raytheon and Boeing.
Claudio Guarnieri and Collin Anderson, who are researching Iranian threats of cyber-espionage, found the malware (MacDownloader) on a website which spoofed the U.S. aerospace company United Technologies.
Visitors to the fake site, which the researchers believe to be owned by Iranian hackers, are taken to a page about free programs and courses for employees of the U.S. defence companies Lockheed Martin, Raytheon and Boeing.
They are asked to download Adobe Flash to watch an embedded video, which is when the malware attacks your computer. It profiles your computer, stealing credentials by creating fake login boxes which employees would put their work IDs into.
Thankfully, the malware is believed to be the first attempt by an amateur; it has numerous spelling and grammar mistakes and failed to run a script which would download additional malicious coding. However, it still managed to avoid detection by an antivirus engine.
Guarnieri and Anderson found evidence that the hacker may be Iranian because the uploader used wireless networks called “Jok3r” and “mb_1986”, which are linked to Iranian hacking groups.
Anderson also noted that the malware had been used to attack a human rights activist, which is troubling because many activists in Iran are dependent on Apple devices.
Guarnieri and Anderson wrote in their report: “While this [malware] is neither sophisticated nor full-featured, its sudden appearance is concerning given the popularity of Apple computers.”