Feeds

Java-based malware tries Mac-smacking cross-platform attack

Write once, pwn anywhere

SANS - Survey on application security programs

Malware-writers have developed a Java-based, equal-opportunity botnet Trojan in an apparent bid to infect more machines outside the Windows ecosystem.

IncognitoRAT uses source code and libraries that allow it to attack both Windows and Mac machines, at least in theory. Only the Windows version of the malicious downloader has been spotted actually spreading, McAfee reports.

"The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs," explains McAfee researcher Carlos Castillo. "The victim's machine has to have the Java Runtime Environment installed and must be online. As soon as the file is executed, it starts downloading a ZIP file with a pack of Java-based libraries to perform several remote activities."

Once successfully executed, the malware establishes remote control of compromised systems, allowing criminal hackers to either control or extract and upload private information from compromised devices.

Cross-platform malware is rare but not unprecedented. The more widespread use of Mac machines is bound to make the platform a more attractive target for virus writers and other miscreants. Whether they will succeed is another question, but several vulnerabilities in Apple's software have been revealed through various editions of the annual CanSecWest Pwn2Own hacking competition, so it's certainly possible. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.