Tibetan Protesters Targeted by Mac Malware, Twitter Bots
Two monks at the Tashilhunpo monastery in southern Tibet.
CREDIT: Pichugin Dmitry/Shutterstock.com
Cybercriminals in China are deploying Mac-specific malware in an attempt to squash Tibetan advocacy groups' protests regarding Chinese rule and the suppression of Tibetan Buddhist culture.
The malware is being levied in targeted attacks against Tibetan nongovernmental organizations (NGO), including the Central Tibetan Administration and the International Campaign for Tibet, researchers at the security firm AlienVault wrote in a blog post.
The malware exploits a Java vulnerability to establish a backdoor on victims' computers, enabling the perpetrators to intercept information and transmit it back to remote command-and-control servers.
Researchers at SecureMac analyzed the attack and found that it requires no user interaction; victims must only visit a site hosting the malicious Java applet to set the scheme in motion.
Once installed, the malware sets up a launch agent to ensure it runs every time the computer starts up. Updating your Mac OS X software will remove you from the potential victim pool, SecureMac said, noting that Apple released a patch for the Java bug last November.
Pro-Tibet protestors also have to fend off and fight through a barrage of fake Twitter messages being spammed out by automated Twitter bots.
In his Krebs on Security blog, researcher Brian Krebs reported that "an ongoing flood of meaningless tweets" are being directed at hashtags, like "#Tibet", "#freetibet" used by Tibetan protestors.
By disseminating an overwhelming, but meaningless, amount of tweets using the popular hashtags, Twitter bots effectively dominate the conversation and prevent the actual activists from getting their information out. This same technique was used last December in Russia to suppress the online voices of dissenters protesting the controversial parliamentary election of Prime Minister Vladimir Putin.