“A new form of browser-based cross-platform malware can give hackers remote access to computers running Apple’s OS X, Microsoft’s Windows, and even Linux,” Sam Oliver reports for AppleInsider. “The multi-platform backdoor malware was disclosed this week by security firm F-Secure. It was originally discovered on a Colombian Transport website, and relies on social engineering to trick users into running a Java Archive file, meaning it is not likely to be a major threat.”
Oliver reports, “However, its cross-platform design is unique. If users grant permission to the Java Archive, the malware will secretly determine whether the user is running a Mac, a Windows PC, or a Linux machine. When running on a Mac, the malware will remotely connect to an IP address through port 8080 to obtain additional code to execute. On a Mac, the new malware is defined as ‘Backdoor:OSX/GetShell.A.’ According to F-Secure, it is a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed.”
Oliver reports, “While rare, cross-platform malware attacks are not unheard of. In 2010, a Trojan known as ‘trojan.osx.boonana.a’ was a Java-based exploit that affected both Macs running OS X, as well as Windows PCs.”
Read more in the full article here.
MacDailyNews Take: Java. It’s the new Flash.
Here’s what’s shown if visited using a Mac:
Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised.
Related articles:
Symantec: Mac Flashback trojan infections declining rapidly, have dropped six-fold in a week – April 18, 2012
Apple releases Flashback trojan removal tool – April 14, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
600,000 Macs infected with Flashback trojan, 274 in Cupertino; how to check your Mac – April 5, 2012
Warning: New Mac trojan hides in pirated graphics software – November 1, 2011
Hackers port Linux trojan to Mac OS X – October 26, 2011
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011
New OS X trojan horse sends screenshots, files to remote servers – September 23, 2011
Apple: How to avoid or remove MACDefender malware (permanent fix coming in Mac OS X update) – May 24, 2011
MACDefender trojan protection and removal guide – May 20, 2011
Apple investigating ‘MACDefender’ trojan – May 19, 2011
Apple malware: 6 years of crying wolf – May 6, 2011
Is Mac under a virus attack? No. – May 4, 2011
Intego: MACDefender rogue anti-malware program attacks Macs via SEO poisoning – May 2, 2011
Sophos details new Mac OS X Trojan – February 28, 2011
Warning: Mac users beware of yet another trojan masquerading as video codec – June 11, 2009
CNN blows it; gets all worked up about a Mac Trojan that isn’t the first nor is it the last – April 23, 2009
Mac trojan expands to affect pirated versions of Photoshop CS4 – January 26, 2009
Intego: Mac trojan horse found in pirated Apple iWork ‘09 – January 22, 2009
New Mac OS X Trojan horse identified – June 23, 2008
Mac OS X Scareware trojan ‘MacSweep from Imunizator’ tries to scam Mac users – March 29, 2008
Mac trojan makers churn out slightly modified versions to evade anti-malware detection – November 08, 2007
Mac DNS Changer Trojan [OSX/Puper] relatively simple; works like the Windows version – November 01, 2007
New Mac OS X Trojan warning – February 16, 2006
Apple: ‘Opener’ is not a virus, Trojan horse, or worm – November 02, 2004