Criminals have discovered a flaw in OS X, the Mac operating system, and are using it to control thousands of Apple computers around the world.
The Russian security company Dr. Web first discovered the software, known as “ .” We don’t yet know how the software spreads, but Dr. Web has released information on the clever way it connects to the criminals who control the program.
When a Mac is infected with, the program tries to make a connection to a command server. The iWorm reportedly uses Reddit’s search function to find comments left by the criminals in a Minecraft discussion section of the site. (Minecraft is the block-building video game published by independent publisher Mojang, which Microsoft purchased for $2.5 billion in September.)
Here’s a screenshot showing the Reddit posts the criminals used to control their hacked computers:
After iWorm finds the Reddit comments, it attempts to connect to the server addresses listed in the Minecraft subreddit. Once connected, criminals can send commands to their “botnet” of infected computers. Botnets are often used to send spam emails, mine Bitcoin, or flood websites with traffic that eventually crashes them.
It doesn’t seem like the infected computers are currently being used for any attack, so the criminals behind iWorm are probably only growing the network for now.
Dr. Web has published the number of computers that it believes have been affected by iWorm. As of last Friday, 17,658 infected Mac computers have been discovered, with 4,610 of them in the US.