A new piece of Mac malware, dubbed Komplex, has been discovered by Palo Alto Networks. This malware provides a backdoor into the system, like most other recent Mac malware.
The end product of infection is nothing more than a launch agent masquerading as an Apple updater and a hidden executable that’s kept running by that launch agent. The details of how the malware gets installed are still partly unknown. Palo Alto provided information about three different “binder” files, which are executable files that begin the process of installing the malware. However, it’s still not clear how these files get executed on the user’s system.
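As an added defender-side illustration (not code from the Palo Alto or Malwarebytes analysis), the following check parses LaunchAgent plists and flags the traits the paragraph describes: an Apple-sounding label paired with a program outside Apple's own directories or under a hidden dot-directory, plus KeepAlive/RunAtLoad keeping that program resident. The plist contents, label and path below are constructed samples, not indicators taken from Komplex.

```python
import plistlib
from pathlib import PurePosixPath

# Directories where a genuine Apple agent's binary is expected to live (assumption for this check).
APPLE_PATHS = ("/System/", "/usr/", "/Library/Apple/")

def suspicious_launch_agent(plist_bytes: bytes) -> list:
    """Return the reasons a LaunchAgent plist looks like a masquerading persistence entry."""
    reasons = []
    plist = plistlib.loads(plist_bytes)
    label = str(plist.get("Label", ""))
    args = plist.get("ProgramArguments") or []
    program = plist.get("Program") or (args[0] if args else "")
    parts = PurePosixPath(program).parts
    # Branding claims Apple, but the binary does not live where Apple's own agents do.
    if "apple" in label.lower() and not program.startswith(APPLE_PATHS):
        reasons.append(f"label '{label}' claims Apple but runs {program}")
    # A hidden (dot-prefixed) directory or file name anywhere in the executable path.
    if any(p.startswith(".") for p in parts if p != "/"):
        reasons.append(f"hidden path component in {program}")
    # KeepAlive together with RunAtLoad restarts the payload whenever it exits.
    if plist.get("KeepAlive") and plist.get("RunAtLoad"):
        reasons.append("KeepAlive+RunAtLoad keeps the program running after login")
    return reasons

# Constructed sample: an agent with an Apple-style label pointing at a hidden user-owned binary.
SAMPLE_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updates</string>
  <key>ProgramArguments</key><array><string>/Users/victim/.local/kextd</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

# Constructed sample: a label that claims Apple and a binary in an Apple-owned directory.
BENIGN_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.foo</string>
  <key>Program</key><string>/System/Library/CoreServices/foo</string>
</dict></plist>"""

if __name__ == "__main__":
    for name, data in (("sample", SAMPLE_AGENT), ("benign", BENIGN_AGENT)):
        print(name, suspicious_launch_agent(data) or "no findings")
```

On a live system the same function can be run over every file in ~/Library/LaunchAgents and /Library/LaunchAgents; a hit is a lead to investigate (code signature, file owner, creation time), not a verdict on its own.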
Palo Alto makes a connection between this malware and other malware created by the Sofacy Group, an organization that is known to target governments. Sofacy appears to be a Russian group, possibly funded by the Russian government, and is considered to be involved in the recent Democratic National Committee hacking. Malwarebytes Anti-Malware for Mac (free) detects the dropped components as OSX.Komplex.