The new Trojan, called SabPub, is a "custom OS X backdoor" that miscreants appear to have built in order to carry out targeted attacks, and there is evidence to suggest that they may be targeting pro-Tibetan activists, Costin Raiu, director of research and development at Kaspersky Lab, said in a Saturday blog post.
Like Flashback, SabPub requires no user interaction and installs itself on a machine when the user visits an infected Web page.
Once it infects a machine, the SabPub Trojan attempts to connect to command and control servers in order to remotely harvest data, Raiu said in the blog post.
On Sunday, remote attackers took control of one of Kaspersky Lab's SabPub-infected test machines and stole some of the dummy files on it, which suggests an active Advanced Persistent Threat that is being controlled by an actual person, according to Raiu.
"We are pretty confident the operation of the bot was done manually -- which means a real attacker, who manually checks the infected machines and extracts data from them," Raiu said in a Sunday blog post.
Kaspersky also identified a second SabPub variant that appears either to have been extracted from a Word document or to have been distributed as a Doc file, Raiu said in the blog post.
Apple issued a patch for the Java vulnerability on April 4, but security researchers criticized the company for its slow response to the issue, which was brought to its attention in February.
Attackers used the Flashback malware to build a worldwide botnet encompassing some 670,000 infected machines. That figure has dropped considerably since Thursday, however, when Apple released an update for Mac OS X v10.7 and v10.6 that removes most common variants of Flashback.
Apple has also been working with Internet service providers to take down the command-and-control servers associated with the Flashback malware.