Jump to content

Equal-opportunity malware targets Macs and Windows


nsane.forums

Recommended Posts

nsane.forums

Janicab ushers in cross-platform era as OS X becomes more appealing target.

ysbDc33.png

Researchers have uncovered a family of malware that targets both Windows and OS X. Janicab.A, as the trojan is known, is also unusual because it uses a YouTube page to direct infected machines to command-and-control (C&C) servers and follows a clever trick to conceal itself.

The threat first came to light last week, when researchers from F-Secure and Webroot documented a new trojan threatening Mac users. Like other recently discovered OS X malware, Janicab was digitally signed with a valid Apple Developer ID. It also used a special unicode character known as a right-to-left override to make the infection file appear as a PDF document rather than a potentially dangerous executable file.

On Monday, researchers from Avast published a blog post reporting that Janicab can also infect computers running Windows. The strain exploits a vulnerability Microsoft patched in 2012 to install a malicious Visual Basic script that can remain active even after infected machines are restarted.

Like the Mac versions, Janicab randomly chooses a YouTube link from a hard-coded list to find the C&C server that issues updates and instructions. One such page contained the words "just something i made up for fun, check out my website at 111.90.152.210/cc bye bye." Researchers presume the IP address may have been the location of one of the C&C servers.

L4Il9Fu.png

Interestingly, the Windows variant observed by Avast simply awaits instructions from its operator. The Mac version, by contrast, sends captured screenshots and audio to the attackers. The reports don't say how many machines have been infected by Janicab. Most likely, the malware is in some sort of beta phase as its developers try to gain experience in creating cross-platform threats. With the growing use of OS X, it's not surprising to see malware that targets that platform. It's a bit more unusual to see the malware that can also infect Windows. We're probably at least a few years away from cross-platform malicious software that adds Linux to the list, but it's certainly within the realm of possibility.

view.gifView: Original Article

Link to comment
Share on other sites


  • Replies 1
  • Views 717
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...