
CallMe

Posted: February 20, 2020

CallMe is a backdoor Trojan that can give attackers control over your system. It runs on macOS, and its early campaigns targeted Tibetan political activists. Users can watch for e-mail-based attacks and unpatched vulnerabilities to prevent infections, and should use appropriate anti-malware software when CallMe needs removing.

Programs Calling Home without Permission

Tibet, and the computer users connected to it, are semi-recurring targets of a variety of mostly espionage-related campaigns that rotate through a series of Trojans and spyware. ExileRAT, Reaver, the Gresim family, and Axiom's Moudour are examples of how different attackers weaponize software to monitor the activities of 'free Tibet' proponents. Other attacks bring a different Trojan into the arena, however: CallMe.

Like the others, CallMe is a component of attacks that establish remote backdoor control over systems and then continue long-term spying from there. The backdoor Trojan uses Bash to issue system commands and is specific to macOS environments. Despite that platform preference, the Trojan relies on Word as its favored 'installer': maliciously crafted documents, delivered over e-mail, exploit the buffer overflow vulnerability CVE-2009-0563.

CallMe isn't the only threat that turns Bash to illicit ends, either. The prominence of this combined shell and scripting language also plays a part in the renowned Mayhem Botnet, which runs on a network of infected Linux servers, and tens of thousands of Shellshock attacks testify to the weaknesses inherent to the shell. For its part, CallMe's motivations are, apparently, espionage rather than profit.

Stopping Outside Interference in Digital Politics

Besides the havoc that attackers can wreak by issuing file-altering commands, CallMe poses other problems for its victims. The backdoor Trojan contains a built-in feature for exfiltrating information from the user's Address Book. Although other uses of that data are possible, the most likely purpose of harvesting it is to re-distribute CallMe to further targets within an already-breached network.

Assuming that its tactics don't change between attacks, users should keep an eye out for e-mail-based attacks. Malware experts often see phishing lures of this kind using attachments, such as documents, as well as links with obscured addresses. In most, if not all, cases a successful drive-by download is the fault of out-of-date software or of users deliberately enabling macros. In the CallMe case, the CVE-2009-0563 exploit has been patchable for over a decade.

Mac-compatible anti-malware tools should delete CallMe on detection, though deletion doesn't necessarily undo the related risk that private information has already been lost. Users should warn their contacts about potential attacks through e-mail and other vectors as appropriate.
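One detection angle that follows from the description above, added here as an illustration rather than code from the original post: the durable trait of CallMe's delivery is a document-handling application (Word) ending up with a Bash shell as its child process. The process-start telemetry below is constructed, and its field names (`pid`, `ppid`, `name`, `path`) are assumptions; real EDR output will differ.

```python
import json

# Constructed sample of macOS process-start telemetry (JSON lines), not real
# CallMe data: Word spawning bash shortly after a document is opened, plus a
# benign Terminal-launched shell for comparison.
SAMPLE_EVENTS = """\
{"ts":"2020-02-20T09:01:10Z","pid":501,"ppid":1,"name":"Microsoft Word","path":"/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word","user":"alice"}
{"ts":"2020-02-20T09:01:12Z","pid":733,"ppid":501,"name":"bash","path":"/bin/bash","user":"alice"}
{"ts":"2020-02-20T09:01:13Z","pid":734,"ppid":733,"name":"curl","path":"/usr/bin/curl","user":"alice"}
{"ts":"2020-02-20T09:05:00Z","pid":610,"ppid":1,"name":"Terminal","path":"/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal","user":"alice"}
{"ts":"2020-02-20T09:05:01Z","pid":611,"ppid":610,"name":"bash","path":"/bin/bash","user":"alice"}
"""

# Document viewers that have no business launching a shell on a user workstation.
OFFICE_PARENTS = {"Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint"}
SHELLS = {"bash", "sh", "zsh"}


def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_office_spawned_shells(events):
    """Return the shell-start events whose direct parent is an Office application."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if e["name"] in SHELLS and parent and parent["name"] in OFFICE_PARENTS:
            hits.append(e)
    return hits


def descendants(events, root_pid):
    """Collect the pids of every process descended from root_pid, to scope a response."""
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e["pid"])
    found, stack = [], [root_pid]
    while stack:
        pid = stack.pop()
        for child in children.get(pid, []):
            found.append(child)
            stack.append(child)
    return sorted(found)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for hit in find_office_spawned_shells(evs):
        print(f"ALERT {hit['ts']}: {hit['name']} (pid {hit['pid']}) spawned by "
              f"Office parent pid {hit['ppid']}; descendants {descendants(evs, hit['pid'])}")
```

The Terminal-launched shell is deliberately not flagged: the rule keys on the parent's identity, not on the shell itself, which is the part of CallMe's tradecraft that a patch for CVE-2009-0563 does not make obsolete for other document-borne payloads.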

A patch is to software what a lock is to a door. As CallMe shows off so aptly, leaving software out-of-date is little different from leaving one's door open and being surprised that a stranger is inviting themselves inside.
