
A new version of the Tibet Trojan targeting Mac OS has been detected.



Kaspersky Lab reports that a new version of the malicious program known as Tibet has been detected.

The malware infects computers running Mac OS X by exploiting a known vulnerability (a Java exploit) and targets a specific group of Uyghur activists.


The previous version of the malware was discovered in March of this year; it used the same vulnerability as the Flashback Trojan, which hit about 1% of all Mac systems. The new version was detected on June 27th. This time, a classic Trojan trick was used: the Trojan is distributed in an email with a ZIP attachment named “matiriyal.zip”.
Inside is an application that is disguised as an image.
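
A defensive check for the delivery method described above, as an added example that is not part of the original article: it scans a ZIP attachment for macOS application bundles and Mach-O executables and flags image-like names. The function names, the extension list and the sample archive are constructed for illustration; the article does not say how the disguise was implemented, so the file-name check is an assumption.

```python
import io
import zipfile

# Mach-O magics: thin 32/64-bit in both byte orders, plus fat/universal.
# 0xCAFEBABE is shared with Java class files; either way it is executable content.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tif", ".tiff")


def looks_like_image_name(name):
    """True if any dot-separated part of the name is an image extension."""
    lower = name.lower() + "."
    return any(ext + "." in lower for ext in IMAGE_EXTS)


def scan_zip(data):
    """Return (kind, path, image_like_name) findings for a ZIP given as bytes."""
    findings, seen = [], set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            parts = info.filename.split("/")
            # An application bundle is a directory whose name ends in ".app".
            for part in parts[:-1]:
                if part.lower().endswith(".app") and part not in seen:
                    seen.add(part)
                    findings.append(("app_bundle", part, looks_like_image_name(part)))
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)  # only the magic number is needed
            if head in MACHO_MAGICS:
                findings.append(("macho", info.filename, looks_like_image_name(parts[-1])))
    return findings


def build_sample():
    """Constructed sample archive: a text file plus a fake bundle with a Mach-O header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("photo.jpg.app/Contents/MacOS/photo", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        zf.writestr("photo.jpg.app/Contents/Info.plist", "<plist/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

A bundle whose disguise relies only on a custom icon still produces the `app_bundle` and `macho` findings; only the image-like flag would be false.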



When the user launches the contents of the archive, the Trojan copies itself to the system, connects to its command-and-control server, and waits for commands.
“Tibet” lets its operator list files, transfer them, and execute any command on the infected machine.
The server that the Trojan connects to is reportedly located in China. Apparently, the Trojan is not designed for mass infection of Mac users in general, but only for groups of Tibetan activists, whom China would like to spy on this way.
The choice of Mac OS systems as the target is also understandable, because Apple’s computers are very popular among Tibetan activists: the Dalai Lama himself is an ardent supporter and user of the Mac.
This is not the first use of malware for such purposes.
The recent history of the Flame virus suggests that cyber espionage is becoming a popular means of modern political struggle.

Source: https://habr.com/ru/post/146831/

