Newly discovered Mac malware also works on Linux
2017-01-19 07:57 by Daniela
Tags: Mac, Linux
Antivirus vendor Malwarebytes has discovered new Mac malware, called "Fruitfly," which can also be used against Linux systems. Malwarebytes identifies the code as "OSX.Backdoor.Quimitchin." It was discovered after an IT administrator detected unusual traffic flowing out of a computer running Apple's Mac OS X operating system.
The malware uses antiquated code to help it run undetected on macOS systems. It is designed to take screen captures, access the Mac's webcam, and simulate mouse clicks and key presses, allowing for remote control by a hacker.
"The script also includes some code for taking screen captures via shell commands," the team says. "Interestingly, it has code to do this both using the Mac 'screencapture' command and the Linux 'xwd' command. It also has code to get the system's uptime, using the Mac 'uptime' command or the Linux 'cat /proc/uptime' command."
"The presence of Linux shell commands in the original script led us to try running this malware on a Linux machine, where we found that - with the exception of the Mach-O binary - everything ran just fine," the analysis continued. "This suggests that there may be a variant of this malware that is expressly designed to run on Linux, perhaps even with a Linux executable in place of the Mach-O executable. However, we have not found such a sample."
Apple has already released a silent update for macOS.