Java applications can run on multiple platforms with ease, thus no surprise that malicious code written in Java that is designed to target more than one operating system are becoming increasingly common.
Researchers at McAfee Labs spotted another sample of Java based trojan dubbed as JV/BackDoor-FAZY that opens a back door for an attacker to execute commands and acts as a bot after infection.
According to researcher, The key to decrypt the config file was encrypted with Base 64, Triple-DES algorithm and Hex. Decrypting the file provides information about the backdoor connection, includes IP address, port number, operating system, mutex information, and password for the connection.
"On execution, the JAR file opens the backdoor connection to the IP address and the port mentioned in the plain config file. Once the backdoor connection is made, the compromised user environment will act as the server and the attacker will be the client. The attacker can now take control of the victim's system and can execute any commands." blog post said.
Such malicious file can be bundled with a legitimate file and can be dropped and executed in the background, without the user consent and can copy itself to all available drives on the system and allows hackers to record the user screen, keystrokes, access to command prompt, downloading & execute other binary files or using the system to DDoS using HTTP POST and GET requests.
Multi-platform malware is not entirely new, but with the increasing popularity of Apple products and systems running Linux, there is an incentive for malware authors to save time and resources by developing strains that are capable of infecting multiple operating systems.
