Unofficial Dalai Lama Website Contains Embedded Dockster Trojan

An unofficial website dedicated to the Dalai Lama has been found to contain an embedded Mac Trojan called Dockster. The Trojan exploits a Java vulnerability and logs keystrokes.

The affected website – gyalwarinpoche.com – is not the Dalai Lama’s official homepage, but it is registered to the Dalai Lama’s offices in Dharamsala, India.

The vulnerability was first reported by F-Secure:

The Java-based exploit uses the same vulnerability as “Flashback”, CVE-2012-0507. Current versions of Mac OS X and those with their browser’s Java plugin disabled should be safe from the exploit. The malware dropped, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities.
F-Secure blog

The Dockster Trojan was itself only discovered recently:

A sample of a new Mac spyware called OSX/Dockster.A was found today on VirusTotal. This trojan is currently considered low risk as it is not known to have infected users. It has backdoor functionality, including a keylogger component that records an affected user’s typing.
Intego.com

The threat from this Trojan isn’t thought to be widespread at this time, but users are still advised to ensure they have up-to-date antivirus protection on their machines as well as the latest version of Java.

photo: Joi

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
