2011-05-01
Abstract
Mac users targeted by crimeware kit and fake AV.
Copyright © 2011 Virus Bulletin
A new crimeware kit has been discovered that looks set to bring trouble for Mac OS X users. The first known crimeware kit aimed specifically at the Mac OS X platform was released recently on underground forums, according to Danish IT security firm CSIS Security Group.
The kit, which is advertised as the Weyland-Yutani BOT and costs $1,000, currently supports web injects and form grabbing in Firefox, with its creators promising the same functionality for the Chrome and Safari browsers in the near future. The web inject templates are the same as those used in the very popular Windows crimeware kits Zeus and SpyEye.
Crimeware kits have become a ubiquitous part of the Windows malware scene in the last few years, allowing users to create their own custom versions of malicious software that can turn machines into remotely controlled bots and/or harvest data from the infected machines.
The DIY kit’s developers have indicated that they also plan to release kits for iPads and Linux machines.
Many Mac users remain convinced that the platform is more secure than Windows; they will need to be on their guard against socially engineered attacks – a need reaffirmed by the recent discovery of rogueware (or fake AV) targeting Mac users. A recent surge of SEO poisoning attacks on Google (hijacking the results of search queries ranging from global warming to the death of Osama bin Laden) has turned up malicious domains serving two rogueware applications specific to Mac OS X: Best Mac Antivirus and MACDefender.
While there is currently significantly less malware in existence for Mac OS X than there is for Windows, these developments are an indication that criminals are taking an increasing interest in the Mac platform.