Multi-platform malware loose on Windows, Mac, and Linux machines

Computer users regardless of what operating system they are using were warned this week against a new multi-platform malware that uses social engineering to spread.

 

Security vendor F-Secure said it came across the malware, which affects machines running Windows, Mac and Linux, at a compromised Colombian Transport website.

 

"The JAR file checks if the user's machine is running in Windows, Mac or Linux then downloads the appropriate files for the platform," it said.

 

It added the malware connects to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively.

 

F-Secure said the command-and-control and hacked websites have been reported.

 

A separate article on CNET said the compromised website has a Java applet that would run using a self-signed certificate.

 

It also noted the Mac version of the malware is a PowerPC binary so it will not run on any Intel-based Mac without Rosetta.

 

CNET also quoted Mac security company Intego as saying the malware was thrown together with readily available tools such as MetaSploit, which indicates the attack authors are not particularly technically savvy individuals.

 

"Overall, this threat is of very low concern, especially for Mac users who keep their systems up to date. However, it does serve as a reminder to only use services that you personally trust or that use a legitimate certificate signing authority. If at any point you see a program, applet, or other resource attempt to use a self-signed certificate, then be sure you personally trust the source before using it," it said. — TJD, GMA News