Warning: New Java trojan targets Apple’s OS X along with Windows, Linux

“A new form of browser-based cross-platform malware can give hackers remote access to computers running Apple’s OS X, Microsoft’s Windows, and even Linux,” Sam Oliver reports for AppleInsider. “The multi-platform backdoor malware was disclosed this week by security firm F-Secure. It was originally discovered on a Colombian Transport website, and relies on social engineering to trick users into running a Java Archive file, meaning it is not likely to be a major threat.”

Oliver reports, “However, its cross-platform design is unique. If users grant permission to the Java Archive, the malware will secretly determine whether the user is running a Mac, a Windows PC, or a Linux machine. When running on a Mac, the malware will remotely connect to an IP address through port 8080 to obtain additional code to execute. On a Mac, the new malware is defined as ‘Backdoor:OSX/GetShell.A.’ According to F-Secure, it is a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed.”

Oliver reports, “While rare, cross-platform malware attacks are not unheard of. In 2010, a Trojan known as ‘trojan.osx.boonana.a’ was a Java-based exploit that affected both Macs running OS X, as well as Windows PCs.”

Read more in the full article here.

MacDailyNews Take: Java. It’s the new Flash.

Here’s what’s shown if visited using a Mac:

OS X Trojan Dialog

Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised.

Related articles:
Symantec: Mac Flashback trojan infections declining rapidly, have dropped six-fold in a week – April 18, 2012
Apple releases Flashback trojan removal tool – April 14, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
600,000 Macs infected with Flashback trojan, 274 in Cupertino; how to check your Mac – April 5, 2012
Warning: New Mac trojan hides in pirated graphics software – November 1, 2011
Hackers port Linux trojan to Mac OS X – October 26, 2011
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011
New OS X trojan horse sends screenshots, files to remote servers – September 23, 2011
Apple: How to avoid or remove MACDefender malware (permanent fix coming in Mac OS X update) – May 24, 2011
MACDefender trojan protection and removal guide – May 20, 2011
Apple investigating ‘MACDefender’ trojan – May 19, 2011
Apple malware: 6 years of crying wolf – May 6, 2011
Is Mac under a virus attack? No. – May 4, 2011
Intego: MACDefender rogue anti-malware program attacks Macs via SEO poisoning – May 2, 2011
Sophos details new Mac OS X Trojan – February 28, 2011
Warning: Mac users beware of yet another trojan masquerading as video codec – June 11, 2009
CNN blows it; gets all worked up about a Mac Trojan that isn’t the first nor is it the last – April 23, 2009
Mac trojan expands to affect pirated versions of Photoshop CS4 – January 26, 2009
Intego: Mac trojan horse found in pirated Apple iWork ‘09 – January 22, 2009
New Mac OS X Trojan horse identified – June 23, 2008
Mac OS X Scareware trojan ‘MacSweep from Imunizator’ tries to scam Mac users – March 29, 2008
Mac trojan makers churn out slightly modified versions to evade anti-malware detection – November 08, 2007
Mac DNS Changer Trojan [OSX/Puper] relatively simple; works like the Windows version – November 01, 2007
New Mac OS X Trojan warning – February 16, 2006
Apple: ‘Opener’ is not a virus, Trojan horse, or worm – November 02, 2004

21 Comments

  1. So I’m going to authorize access to my computer to an application I never heard of, with an unverified ROOT ACCESS certificate that’s associated with a Singapore time zone? Are you fscking nuts?!!!

    PowerPC? Apple’s somehow responsible for security for an architecture they abandoned 5 years ago?!!!

    Nice work, F-Secure. Best FUD built on nothing I’ve seen in a long time.

  2. Yeah, this is pretty poor considering Lion can’t run PowerPC code and Snow Leopard excluded Rosetta by default. Not much of a threat…

    Although it does go to show that Java is just as bad as, if not worse than, Flash in regards to security. Time to abandon that as well.

  3. I would like to take the opportunity to point out again that every one of the “threats” that have been reported for the Mac over the last year has been built on 3rd party software.

    Mac haters jump up and down with glee and say, “See! The Mac is just as bad as the PC!”

    Well the truth of the matter is no, it is not. This does not mean you shouldn’t be as vigilant as anyone else on the Internet, but I do submit that you are still playing it safer by going Mac instead of Windows.

    One rule of thumb is to think twice before installing software that can run instructions (programs) from external sources. {Cough}Java{Cough}Flash{Cough}Office{Cough.}

    1. What you say is true, but the fact that a risk exists- while not Apple’s fault- does exist. There is some nasty crap showing up out there and the Mac needs to tighten things up a bit.

      Like it or not, plenty of people use Java, Flash & Office to get their business done.

      Yesterday I was searching for DVD cover art for a Concert DVD I had bought and what Google showed as an image file was hot-linked to a bit torrent site (supposedly) with a pop-up yes/no dialog box that would not disappear, would not allow the tab to close and resisted everything (including Command Q) but a force quit (kill) of Safari. You used to see stuff like that only on Windows and it is creeping into the Maciverse.

      The moral of the story is that I should have scanned my DVD cover for iTunes cover art instead of a Google image search, but the bigger story is that there are vulnerabilities in the Apple universe. Google’s recent fine was for what amounts to iOS hacking via Safari, so Apple users should still be wary.

      The Mac is the safest consumer OS out there, but it can still be had.

      1. That is nonsensical equivocation, windows is a cesspool of viruses and malware (literally thousands of zero day viruses and exploits), that are near impossible to detect and (also) near impossible to remove. Most “windows techs” recommend formatting (low level) the drive and reinstalling windows (and then all of your applications and drivers from the original disks (not restoring from backup images)).

        That OS X got a benign java “malware” (wasn’t a virus because it couldn’t replicate) that was easy to spot and dead simple to remove is not even close to equivalent.

        It is like saying “a spring shower and a class 4 hurricane are equivalent because both can cause flooding.”
        While it is true that both can cause flooding, the statement is false because it uses false criteria (that causing local stream flooding is equivalent to the storm surge of a massive hurricane).
        Winditiots use this “every platform has security issues” to justify their stupidity of clinging onto an operating system with MASSIVE security issues when much better alternatives exist (OS X, Linux du jour, BSD) because it is all they know.

          1. progressiveagentprovocateur
            Wednesday, July 11, 2012 – 6:16 pm

            “I never said a thing about Windows. I said that the threat level is increasing and Apple should up it’s game.”

            Pap, you don’t even know what you wrote just 5 short hours ago, do you?

            Pap said at 1:33 pm:
            “You used to see stuff like that only on Windows and it is creeping into the Maciverse.”

            You aren’t even a competent troll.

            1. The fact that I was not espousing Windows nor drawing some false equivalent was my point regarding not bringing Windows into the fray. The point is that the Maciverse and iOS have security holes and the large user base will continue to draw more attention.

            2. Oh puhlease…
              You just continue on, ignoring the reality of the situation, ignore what you just said and then just re-state your flawed (nonsensical) premise of equivocation for which you have no real facts or justification.

              Just to clarify; no, this is not a “real risk” to anyone with a modicum of common sense. And no, OS X is not becoming like windows (which is a cesspool of exploits & viruses that are both unlikely to be able to be detected or removed even if detected).

  4. “Do you want content signed by xx to have access to your computer?”

    It’s a question so why not some proper buttons like “Yes” or “No”. Would you say “Cancel” or “Continue” if someone directly asked you that question?

    “Continue” doesn’t give any clue to what the next step is or what will happen if you click it.

    “Yes, give access” would make more sense.

    1. Agree with that statement! The buttons need to have buttons that are more obvious to the result you will get. Infected or not. Even “Allow access” and “Deny Access” would get the point across better. Agree “Continue” gives no clue as to what you are actually continuing with.

      1. I don’t know if I buy that…

        “Do you want content signed by “ComuTv” to have access to your computer”
        This certificate could not be verified. Do not trust it if you do not know who issued it

        Cancel or continue…

        Is pretty self explanatory even to a fifth grader
        So, I guess I have to ask the famous question:
        “Are you smarter than a 5th grader?”

        1. As an IT, I’ve seen many people confused very easily. I usually tell them if they don’t know, leave it on the screen and call me. I have an 80+ client who is always misunderstanding things, or confused. You can’t look at everything through the eyes of the average computer user.

          1. As an IT what? There is no such thing as an IT.
            IT is an acronym for information technology. You are an information technology? That makes no sense.

            However judging from your description of your “average computer user” it appears likely that you work in a preschool.

            I wouldn’t have anyone in my employ who was daft enough not to understand what that dialog says. (Again, I can’t imagine that any secondary school (high school) graduate would have a problem understanding that dialog.)

            1. Whatever. My clients are a wide variety of ages and tech abilities. I’m not going to get into a pissing match with you. If you and your friends understand it, I guess that is all that matters.
