Shaun Nichols
December 5, 2012
malware sample has been spotted by researchers on sites claiming to support of the Dalai Lama.
Researchers from both Intego and F-Secure reported finding samples of the ‘Dockster’ malware circulating on pro-Tibet websites. The site claims to be run by the office of the Dalai Lama and contains information on the Tibetan spiritual leader.
According to researchers, the page itself uses a Javacript exploit to compromise OS X systems and install the keylogging malware. Users can protect themselves from the attack by updating their systems to the latest version of Java.
Intego researchers have classified the malware as a low-level threat due to its limited distribution.
“Dockster is a very basic backdoor trojan that provides a remote connection to an attacker, along with keylogging functionality and the ability to download additional files,” the company said in its report.
“The remote address that the backdoor attempts to contact to receive commands is now active.”
This is not the first time sites in support of the Dalai Lama have been compromised for use in malware attacks. In 2009 state-sponsored groups in China were accused of using pro-Tibetan sites to spread spyware and other monitoring tools, presumably for use in spying on pro-Tibetan activists.
Cyber-espionage in China has become a hot topic in recent weeks as government officials in the US have expressed concern that Chinese state-sponsored groups were targeting US firms for surveillance and data theft.