Kremlin-linked hackers believed to be behind Mac spyware Xagent

iPhone backups can be slurped for Mother Russia, say researchers.

By John Leyden

Kremlin-linked spies have been blamed for cooking up malware called Xagent, which targets victims running macOS to steal passwords, grab screenshots and exfiltrate iPhone backups stored on the Mac.

Preliminary analysis by security software firm Bitdefender has uncovered links to the APT28 cyber-espionage group, elsewhere identified as a Russian military intelligence (GRU) unit blamed for last year’s infamous attack on the US Democratic Party, an earlier attack on the German Bundestag, and many more. The latest malware features the same dropper/downloader and similar command and control centre URLs, as well as the same artefacts hardcoded in the binary files as had been seen in previous strains linked to APT28 (AKA Fancy Bear).
