The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: cross platform malware

Apple Users, Beware! A Nearly-Undetectable Malware Targeting Mac Computers

Apple Users, Beware! A Nearly-Undetectable Malware Targeting Mac Computers

July 25, 2017Swati Khandelwal
Yes, even Mac could also get viruses that could silently spy on its users. So, if you own a Mac and think you are immune to malware, you are wrong. An unusual piece of malware that can remotely take control of webcams, screen, mouse, keyboards, and install additional malicious software has been infecting hundreds of Mac computers for more than five years—and it was detected just a few months back. Dubbed FruitFly , the Mac malware was initially detected earlier this year by Malwarebytes researcher Thomas Reed, and Apple quickly released security patches to address the dangerous malware. Now months later, Patrick Wardle, an ex-NSA hacker and now chief security researcher at security firm Synack, discovered around 400 Mac computers infected with the newer strain of the FruitFly malware (FruitFly 2) in the wild. Wardle believes the number of infected Macs with FruitFly 2 would likely be much higher, as he only had access to some servers used to control FruitFly. Although it i
Adwind RAT Returns! Cross-Platform Malware Targeting Aerospace Industries

Adwind RAT Returns! Cross-Platform Malware Targeting Aerospace Industries

July 11, 2017Swati Khandelwal
Hackers and cyber criminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While other operating systems are more widely in use, cybercriminals have now shifted from traditional activities to more clandestine techniques that come with limitless attack vectors, support for cross platforms and low detection rates. Security researchers have discovered that infamous Adwind , a popular cross-platform Remote Access Trojan written in Java, has re-emerged and currently being used to "target enterprises in the aerospace industry, with Switzerland, Austria, Ukraine, and the US the most affected countries." Adwind — also known as AlienSpy, Frutas, jFrutas , Unrecom, Sockrat, JSocket, and jRat — has been in development since 2013 and is capable of infecting all the major operating systems, including Windows, Mac, Linux, and Android. Adwind has several malicious capabilities including stealing credentials, keylogging, taking pictures or
Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

September 07, 2016Swati Khandelwal
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution. Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms. One such malware family has recently been discovered by researchers at Kaspersky Lab, which run on all the key operating systems, including Windows, Linux, and Mac OS X. Stefan Ortloff, a researcher from Kaspersky Lab's Global Research and Analysis Team, first discovered the Linux and Windows variants of this family of cross-platform backdoor, dubbed Mokes , in January this year. Now, the researcher today confirmed the existence of an OS X variant of this malware family, explaining a technical breakd
Java-Bot, a Cross-platform malware launching DDoS attacks from infected computers

Java-Bot, a Cross-platform malware launching DDoS attacks from infected computers

January 29, 2014Anonymous
These days botnets are all over the news. In simple terms, a botnet is a group of computers networked together, running a piece of malicious software that allows them to be controlled by a remote attacker. A major target for most of the malware is still Windows, but the growing market of Mac OS X, Linux and Smartphones, is also giving a solid reason to cyber criminals to focus. Recently, Kaspersky Lab has detected another cross-platform Java-Bot , capable of infecting computers running Windows, Mac OS X, and Linux that has Java Runtime Environment installed. Last year, Zoltan Balazs - CTO at MRG Effitas submitted the samples of malicious Java application for analysis to Kaspersky Lab and they identified it as HEUR : Backdoor.Java.Agent.a . According to researchers, to compromise computers, Java-Bot is exploiting a previously known critical Java vulnerability CVE-2013-2465 that was patched in last June. The vulnerability persists in Java 7 u21 and earlier vers
Java based Cross platform malware targeting Apache Tomcat servers in the wild

Java based Cross platform malware targeting Apache Tomcat servers in the wild

November 21, 2013Mohit Kumar
Takashi Katsuki, a researcher at Antivirus firm Symantec has discovered a new cyber attack ongoing in the wild, targeting an open-source Web server application server Apache Tomcat with a cross platform Java based backdoor that can be used to attack other machines. The malware, dubbed as " Java.Tomdep " differs from other server malware and is not written in the PHP scripting language. It is basically a Java based backdoor act as Java Servlet that gives Apache Tomcat platforms malicious capabilities. Because Java is a cross platform language, the affected platforms include Linux, Mac OS X, Solaris, and most supported versions of Windows. The malware was detected less than a month ago and so far the number of infected machines appears to be low. You may think that this type of attack only targets personal computers, such as desktops and laptops, but unfortunately that isn't true. Servers can also be attacked. They are quite valuable targets, since they are usu
Cross Platform Trojan builder distributed on underground forums

Cross Platform Trojan builder distributed on underground forums

February 14, 2013Mohit Kumar
A Cross platform back door ' Frutas ' remote access tool (RAT) is available for download on many forums from January 2013. This Trojan builder is completely written in Java. Recently, Symantec experts analyse that Frutas RAT allows attackers to create a connect-back client JAR file to run on a compromised computer. The back door builder provides some minor obfuscation, which allows the attacker to use a custom encryption key for some of the embedded back door functionality. Once a backdoor connection is established, the RAT server alerts the attacker and allows them to perform various back door functions on the compromised computer i.e Browse file systems, Download and execute arbitrary files, Perform denial of service attacks, Open a specified website in a browser. According to Symantec only 2 out of the 46 vendors from Virus Total are detecting it as a threat.
New Linux Rootkit Attacks Internet Users

New Linux Rootkit Attacks Internet Users

December 02, 2012Mohit Kumar
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits. About Rootkit :  Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all served web pages by the infected Linux server via the nginx proxy.  Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server and this can endanger all websites hosted on that server. Drive-by-downloads expose web surfers to malicious code that attempt to exploit unpatched software vulnerabilities in the web visitor&#
Multiplatform Java Jacksbot Malware infecting Windows, Linux and Mac

Multiplatform Java Jacksbot Malware infecting Windows, Linux and Mac

October 31, 2012Mohit Kumar
Intego discovered a Multiplatform Java  Malware called " Jacksbot " , which is infecting Windows, Linux and Mac systems. The Jacksbot is described as a 'backdoor Trojan Java "on infected computers and collects system information, make screenshots, delete files, steal passwords and perform click fraud and DDoS attacks. Researchers said,Although it can run on any platform that supports JRE, It appears likely that this trojan is intended to be dropped by another component that has not yet been identified. " There is a possibility that this malware presents itself as a Minecraft modification to unsuspecting users as it contains the special command 'MC for stealing Minecraft passwords from the compromised system ," Johanne Demetria explain in post . " However, the malware's focus is mainly on Windows. The malware writers behind JACKSBOT may just be testing the waters for a successful multiplatform malware; however for now they appear to be unwilling to invest th
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.