Dockster is a recently discovered Mac-based malware program that functions as a keylogger, among other things. It’s also a trojan, which means it can hide on a host computer quietly recording every keystroke before it contacts a remote server for further instructions. Dockster is considered “low risk,” but it has been found embedded on gyalwarinpoche.com–a site dedicated to the Dalai Lama.
F-Secure confirmed the infection and reported that Tibetan sites appear to be frequent targets for similar exploits:
This is not the first time gyalwarinpoche.com has been compromised and it certainly isn’t the first time Tibetan related NGOs have been targeted.
Researchers also say that the Mac malware found on this and other Tibetan sites are “very unlikely to be encountered ‘in-the-wild’ by day to day Mac users.”
Don’t rest easy assuming these sneaky programs are isolated, state-sponsored efforts targeting one prominent figure or one beleaguered nation like Tibet. As illustrated by this April report from Kaspersky Lab on the SabPub Mac trojan, cyber attackers are finding their way into Macs for a wide variety of reasons. Mac holdouts who have abstained from downloading antivirus software may have some thinking to do.