Due to the rising inward popularity of Mac OS X in addition to other Windows desktop alternatives, hackers get got begun designing cross-platform malware modularly for broad distribution.
Cross-platform malware is loaded alongside specialized payloads in addition to components, allowing it to run on multiple platforms.
One such malware identify unit of measurement has lately been discovered past times researchers at Kaspersky Lab, which run on all the commutation operating systems, including Windows, Linux, in addition to Mac OS X.
Stefan Ortloff, a researcher from Kaspersky Lab’s Global Research in addition to Analysis Team, commencement discovered the Linux in addition to Windows variants of this identify unit of measurement of cross-platform backdoor, dubbed Mokes, inward Jan this year.
Now, the researcher today confirmed the existence of an OS X variant of this malware family, explaining a technical breakdown of the backdoor inward a postal service on Securelist.
Alike the Linux in addition to Windows variants, the OS X backdoor variant, Backdoor.OSX.Mokes.a, specializes inward capturing audio-video, obtaining keystrokes equally good equally taking screenshots every thirty seconds from a victim’s machine.
The variant is written inward C++ using Qt, a cross-platform application framework that is widely beingness used for developing applications to run on diverse software in addition to hardware platforms.
The backdoor likewise has the capability to monitor removable storage similar when a USB campaign is connected to or removed from the computer.
It tin likewise scan the file organization for Office documents, including .docx, .doc, .xlsx, in addition to .xls files.
The OS X backdoor tin likewise execute arbitrary commands on the victim’s figurer from its command in addition to command (C&C) server.
The backdoor establishes an encrypted connection alongside its command in addition to command server in addition to communicates using AES-256 encryption, which is considered to hold upwards a secure encryption algorithm.
Ortloff notes, correct afterwards execution, the OS X sample he analyzed copies itself to a handful of locations, including caches that belong to Skype, Dropbox, Google, in addition to Firefox. This behaviour is similar to the Linux variant that copied itself to locations belonging to Dropbox in addition to Firefox afterwards execution.
The researcher has non attributed the Mokes backdoor identify unit of measurement to whatever hacking group, state-sponsored hacker or country, nor he detailed most the OS X backdoor’s infection vector in addition to how widespread it is.
However, based on the currently available information, the backdoor seems to hold upwards a sophisticated slice of malware.
