Last year, researchers found Mac malware developed by APT28, the Russian cyber-intelligence group held responsible for the 2016 election hacking scandal. The group is now targeting Apple's macOS, having already used this malware in several attacks against Android, iOS, Windows and Linux devices.
It is designed to steal browser passwords, capture screenshots of the display, execute files, exfiltrate iPhone backups and record the system configuration. The X-Agent malware comes from the Russian hacking group APT28, also known as Fancy Bear, Pawn Storm and Sednit, which has been operating since 2007 and is linked to the Russian government.
Like the other variants, the Mac version of the X-Agent spyware acts as a backdoor with advanced cyber-intelligence capabilities that can be customized to the objective of an attack. X-Agent exploited a vulnerability in the MacKeeper software installed on the computer, together with the malware dropper known as Komplex, a type of first-stage Trojan used to infect machines.
From the evidence above, it is clear that the newly developed Mac malware was created by the same Russian hacking group. Once it is successfully installed on a Mac, the backdoor checks for debuggers and terminates itself if one is present. If no debugger is found, the backdoor waits for an internet connection before communicating with its command-and-control servers. Research is still in progress: according to Bitdefender security researchers, they have a sample of the Mac malware but do not yet have a full picture of how an attack on a Mac works.
APT28 is one of the Russian-linked cyber-intelligence groups suspected of hacking the U.S. Democratic National Committee's email server. You can opt for an antivirus tool to encrypt files on your iPhone and secure your data against attack by Russian hackers.