An unofficial website dedicated to the Dalai Lama has been found to contain an embedded Mac Trojan called Dockster. The Trojan exploits a Java vulnerability and logs keystrokes.
The affected website – gyalwarinpoche.com – is not the Dalai Lama’s official homepage, but it is registered to the Dalai Lama’s offices in Dharamsala, India.
The vulnerability was first reported by F-Secure:
The Java-based exploit uses the same vulnerability as “Flashback”, CVE-2012-0507. Current versions of Mac OS X and those with their browser’s Java plugin disabled should be safe from the exploit. The malware dropped, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities.
The Dockster Trojan was itself only discovered recently:
A sample of a new Mac spyware called OSX/Dockster.A was found today on VirusTotal. This trojan is currently considered low risk as it is not known to have infected users. It has backdoor functionality, including a keylogger component that records an affected user’s typing.
The threat from this Trojan isn’t thought to be widespread at this time but, even so, users are advised to ensure they have updated antivirus protection on their machines as well as the latest version of Java.