Sabpab, new Mac OS X backdoor Trojan horse discovered

Sabpab, new Mac OS X backdoor Trojan horse discovered

More malware for the Mac OS X platform has been discovered, hot on the heels of the revelation that some 600,000 Macs had been infected in the Flashback attack.

And just like Flashback, the new Trojan doesn’t require any user interaction to infect your Apple Mac.

The Sabpab Trojan horse exploits the same drive-by Java vulnerability used to create the Flashback botnet.


The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.

The Trojan creates the files



Encrypted logs are sent back to the control server, so the hackers can monitor activity.

The potential for abuse of compromised Macs should be obvious, given the Trojan’s functionality.

Sabpab commands

The Sabpab Trojan is not believed to be anything like as widespread as Flashback, but still underlines the importance of protecting Macs against malware with an up-to-date anti-virus program and security updates.

It’s time for Mac users to wake up and smell the coffee. Mac malware is becoming a genuine issue, and cannot be ignored any longer.

Sophos products, including our free Mac anti-virus for home users, detect the Trojan horse as OSX/Sabpab-A.

Of course, those users who had already protected their computers with Sophos products were already defended against the Java vulnerability.

DownloadFree Anti-Virus for Mac
Download Sophos Anti-Virus for Mac Home Edition