Multi-Platform Backdoor Malware in the Wild

Wednesday, July 11, 2012

Malware propagators, though criminal in nature, are still business-minded and look for the maximum return on their development investments.

As such, it is no surprise that malicious code designed to target more than one operating system is becoming increasingly common.

Researchers at security provider F-Secure have discovered a new malware variant in the wild that is designed to target multiple operating systems.

"We recently came across a compromised Colombian Transport website where the malware author utilizes social engineering by displaying a signed applet upon visiting the page," writes F-Secure's Karmina.

Based on the operating system it detects on the targeted system, the malware then proceeds to infect the machine with malicious code built for that particular platform.

"The JAR file checks if the user's machine is running in Windows, Mac or Linux then downloads the appropriate files for the platform," the researchers discovered.

Once the target system is initially infected, the malware connects to the Command and Control (C&C) server to download more executable files.

"All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively," they explained.

"The C&C and hacked website have been reported," F-Secure stated.
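The only network indicators the write-up gives are one C&C host and one port per platform, which is enough for a defender to sweep egress logs and infer which platform each beaconing host was running. The following is an added detection example, not code from F-Secure or the original post; the log format is a constructed iptables-style "SRC= DST= DPT=" line and the sample entries are invented.

```python
import re
from collections import Counter

# Indicators quoted from the F-Secure write-up: a single C&C host and
# a distinct port for each victim platform.
CNC_HOST = "186.87.69.249"
PORT_TO_PLATFORM = {8080: "OSX", 8081: "Linux", 8082: "Windows"}

# Constructed sample log lines (not real traffic) in an iptables-style
# layout. 192.0.2.10 is a documentation address used as benign noise.
SAMPLE_LOG = """\
Jul 11 10:02:11 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=186.87.69.249 PROTO=TCP SPT=51022 DPT=8082
Jul 11 10:02:13 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=192.0.2.10 PROTO=TCP SPT=51023 DPT=443
Jul 11 10:05:40 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=186.87.69.249 PROTO=TCP SPT=40110 DPT=8081
Jul 11 10:06:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=186.87.69.249 PROTO=TCP SPT=49210 DPT=8080
Jul 11 10:06:05 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=186.87.69.249 PROTO=TCP SPT=49211 DPT=80
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)"
)


def find_cnc_hits(log_text):
    """Return (src_ip, dst_port, platform) for every connection to the C&C host.

    A connection to the C&C on a port other than the three documented ones
    is still reported, labelled 'unknown', so a changed or extra channel is
    not silently dropped from the sweep.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("dst") != CNC_HOST:
            continue
        port = int(m.group("dpt"))
        hits.append((m.group("src"), port, PORT_TO_PLATFORM.get(port, "unknown")))
    return hits


def platform_summary(hits):
    """Count suspected victims per platform, each source host once per platform."""
    distinct = {(src, platform) for src, _, platform in hits}
    return dict(Counter(platform for _, platform in distinct))


if __name__ == "__main__":
    for src, port, platform in find_cnc_hits(SAMPLE_LOG):
        print(f"{src} -> {CNC_HOST}:{port}  suspected {platform} victim")
    print(platform_summary(find_cnc_hits(SAMPLE_LOG)))
```

Because the C&C port alone identifies the payload the host fetched, a hit on an unexpected port (the last sample line) is worth a closer look rather than being discarded as a false positive.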

Multi-platform malware is not entirely new, but with the increasing popularity of Apple products and systems running Linux, there is an incentive for malware authors to save time and resources by developing strains that are capable of infecting multiple operating systems.

In early 2011, McAfee malware researcher Carlos Castillo posted an interesting article on the measured increase in cross-platform Java-based malware strains seeking to infect machines running both Windows and Mac operating systems, such as IncognitoRAT.

Though evidence at the time had yet to show the exploit infecting machines other than those running Windows, the malware was clearly designed with the intent to also pose a threat to those running Mac OS X.

Then in April of this year, Symantec discovered a multi-platform Java-based malware strain that seeks to infect machines running both Windows and Mac operating systems. This similarly clever malware could detect which operating system a targeted system was running and commence the infection with the appropriate code.

Simply put, casting a wider net by designing malware for multi-platform infections is cost effective, and the trend will certainly continue to become more common.

Source:  http://www.f-secure.com/weblog/archives/00002397.html
