Warning This Cross Platform Malware Can Hack Windows Linux and OS X Computers



Nordnet Baritof
2016-09-08 12:41:42


Unlike malware crafted specifically to take advantage of the Windows platform, cross-platform malware is now being written by attackers who want wider reach.

With the rise in popularity of Mac OS X and other alternatives to the Windows desktop, attackers have begun designing cross-platform malware in a modular fashion so that one family can be distributed widely.

Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms.

One such malware family, which runs on all the key operating systems, including Windows, Linux, and Mac OS X, has recently been discovered by researchers at Kaspersky Lab.

Stefan Ortloff, a researcher from Kaspersky Lab’s Global Research and Analysis Team, first discovered the Linux and Windows variants of this family of cross-platform backdoors, dubbed Mokes, in January this year.

Now the researcher has confirmed the existence of an OS X variant of this malware family and published a technical breakdown of the backdoor in a post on Securelist.

Like the Linux and Windows variants, the OS X variant, Backdoor.OSX.Mokes.a, specializes in capturing audio and video, logging keystrokes, and taking screenshots every 30 seconds from a victim’s machine.

The variant is written in C++ using Qt, a cross-platform application framework widely used for developing applications that run on a range of software and hardware platforms.

The backdoor also has the capability to monitor removable storage, for example when a USB drive is connected to or removed from the computer.

It can also scan the file system for Office documents, including .docx, .doc, .xlsx, and .xls files.

The OS X backdoor can also execute arbitrary commands on the victim’s computer from its command and control (C&C) server.

The backdoor establishes an encrypted connection with its command and control server and communicates using AES-256 encryption, which is considered to be a secure encryption algorithm.

Ortloff notes that, right after execution, the OS X sample he analyzed copies itself to a handful of locations, including caches belonging to Skype, Dropbox, Google, and Firefox. This mirrors the Linux variant, which copied itself to locations belonging to Dropbox and Firefox after execution.
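A quick hunting check that follows from this behaviour: application caches should hold data, not executable images, so a Mach-O file sitting in one of the named caches is worth a closer look. The script below is an added example, not code from the article or from Kaspersky; the cache paths under ~/Library/Caches are assumptions for illustration (the article does not give exact directories), and the sample home directory it scans is constructed inline.

```python
import os
import tempfile
from pathlib import Path
from typing import List

# Mach-O magic values (32/64-bit, both byte orders) plus the fat/universal header.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
# Application caches named in the write-up as drop locations. The relative paths are
# assumptions for illustration; the article does not give the exact directories.
SUSPECT_CACHE_DIRS = ["Library/Caches/Skype", "Library/Caches/Dropbox",
                      "Library/Caches/Google", "Library/Caches/Firefox"]

def is_macho(path: Path) -> bool:
    """True if the file begins with a Mach-O or fat-binary magic value."""
    try:
        with path.open("rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False

def find_executables_in_caches(home: Path) -> List[Path]:
    """Return Mach-O files found under the suspect cache directories of `home`.
    Caches hold data, not code, so a hit deserves a closer look (hash it, check
    its code signature, look for a launch agent or login item pointing at it)."""
    hits = []
    for rel in SUSPECT_CACHE_DIRS:
        base = home / rel
        if not base.is_dir():
            continue
        for root, _dirs, files in os.walk(base):
            for name in files:
                p = Path(root) / name
                if p.is_file() and not p.is_symlink() and is_macho(p):
                    hits.append(p)
    return sorted(hits)

def build_sample_home(root: Path) -> Path:
    """Constructed sample data (not real malware): two benign cache files plus one
    file carrying a 64-bit Mach-O header planted in the Dropbox cache."""
    home = root / "home"
    for rel in ("Library/Caches/Dropbox", "Library/Caches/Firefox"):
        (home / rel).mkdir(parents=True)
    (home / "Library/Caches/Dropbox/index.db").write_bytes(b"SQLite format 3\x00")
    (home / "Library/Caches/Firefox/thumb.png").write_bytes(b"\x89PNG\r\n\x1a\n")
    (home / "Library/Caches/Dropbox/DropboxCache").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    return home

def run_demo() -> List[str]:
    """Build the sample home in a temp dir and return hit paths relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = build_sample_home(Path(tmp))
        return [p.relative_to(home).as_posix() for p in find_executables_in_caches(home)]
```

Call run_demo() to exercise it on the constructed tree; to check a real account, pass Path.home() to find_executables_in_caches and follow up on every hit by hand rather than deleting it.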

The researcher has not attributed the Mokes backdoor family to any hacking group, state-sponsored actor or country, nor did he detail the OS X backdoor’s infection vector or how widespread it is.


However, based on the currently available information, the backdoor seems to be a sophisticated piece of malware.

© 2013-2018 best of geeks. All rights reserved.