Security company Kaspersky Lab has intercepted a new variant of the Tibet malware for OS X, which is being distributed to specific Uyghur activist groups as part of a seemingly politically motivated APT (advanced persistent threat) attack.
The malware is being distributed by e-mail to specific Uyghur Mac users inside a ZIP file called "matiriyal.zip." Unpacking the archive reveals an image file and what appears to be a text file; the latter is actually a disguised OS X application that installs the malware when run. Once installed, the malware connects to a command-and-control server based in China, allowing a remote attacker to issue commands on the infected machine and access its files.
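The delivery mechanism above suggests a simple triage check before anyone opens such an attachment. The following Python script is an added example, not code from Kaspersky Lab or the article: it walks a ZIP archive and flags entries whose name suggests a document or image but whose contents begin with a Mach-O magic number, as well as entries that carry the Unix executable bit or sit inside an .app bundle. The archive it inspects is constructed inline, and the entry names are assumptions, since the article does not give them.

```python
"""Added example (not code from Kaspersky Lab or the article): walk a ZIP
archive and flag entries that look like documents or images but are
actually Mach-O executables or OS X application bundles.  The sample
archive below is constructed inline; its entry names are assumptions."""
import io
import os
import struct
import zipfile

# Mach-O magic numbers as they appear on disk, in both byte orders.
THIN_MAGICS = {
    b"\xfe\xed\xfa\xce",  # MH_MAGIC     32-bit
    b"\xce\xfa\xed\xfe",  # MH_CIGAM     32-bit, byte-swapped
    b"\xfe\xed\xfa\xcf",  # MH_MAGIC_64
    b"\xcf\xfa\xed\xfe",  # MH_CIGAM_64, byte-swapped
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal (fat) binary header

# Extensions a recipient would expect to open as a harmless document or picture.
DOCUMENT_EXTENSIONS = {".txt", ".rtf", ".doc", ".pdf", ".jpg", ".jpeg", ".png", ".gif"}


def is_macho(head: bytes) -> bool:
    """Return True if the first 8 bytes of a file start a Mach-O or fat binary."""
    magic = head[:4]
    if magic in THIN_MAGICS:
        return True
    if magic == FAT_MAGIC and len(head) >= 8:
        # Java .class files share 0xCAFEBABE.  A fat header follows it with
        # nfat_arch (a small architecture count); a class file follows it with
        # minor/major version, and major is at least 45.  Same cut-off file(1) uses.
        nfat_arch = struct.unpack(">I", head[4:8])[0]
        return nfat_arch < 20
    return False


def suspicious_entries(zip_bytes: bytes) -> dict:
    """Map each suspicious entry name to the list of reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            reasons = []
            with zf.open(info) as fh:
                head = fh.read(8)
            if is_macho(head):
                reasons.append("Mach-O executable")
                if ext in DOCUMENT_EXTENSIONS:
                    reasons.append("document-style extension on an executable")
            # For archives built on Unix, the upper 16 bits of external_attr hold st_mode.
            mode = (info.external_attr >> 16) & 0o777
            if mode & 0o111 and ext in DOCUMENT_EXTENSIONS:
                reasons.append("executable bit set on a document-style name")
            # A bundle is launched as an application whatever its name suggests.
            if ".app/" in name and "/Contents/MacOS/" in name:
                reasons.append("inside an .app bundle")
            if reasons:
                findings[name] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed archive mimicking the described lure (names are assumptions):
    a real JPEG header, a 'text file' that is really a Mach-O, a bundle whose
    name ends in .txt.app, and a genuine text file."""
    buf = io.BytesIO()
    # Minimal 64-bit Mach-O header: magic, cputype, cpusubtype, filetype.
    fake_macho = b"\xcf\xfa\xed\xfe" + struct.pack("<IIII", 0x01000007, 3, 2, 0)
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("matiriyal/photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 28)
        info = zipfile.ZipInfo("matiriyal/matiriyal.txt")
        info.external_attr = 0o100755 << 16  # regular file, mode 0755
        zf.writestr(info, fake_macho)
        zf.writestr("matiriyal/report.txt.app/Contents/MacOS/report", fake_macho)
        zf.writestr("matiriyal/notes.txt", b"plain text, nothing to see\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in suspicious_entries(build_sample_zip()).items():
        print(f"{entry}: {', '.join(why)}")
```

The check reads only the first eight bytes of each entry, so it is cheap enough to run on every inbound attachment; the 0xCAFEBABE branch matters because a Java class file and a universal binary share that magic and only the following field tells them apart.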
The Tibet malware was first found in March, when it used the same Java exploit that allowed the infamous Flashback attack to infect about 1 percent of Mac systems. Since then, variants have appeared that exploit other known vulnerabilities, such as MS09-027, a Microsoft Office vulnerability found and patched in 2009. Because these exploits target flaws for which patches have long been available, keeping Java and Office up to date (or removing Java where it is not needed) closes those infection vectors; the disguised-application lure in the current variant, however, relies on the recipient running the file, and patching does not stop it.