Kaspersky Lab have discovered a sophisticated strain of malware which has shifted across platforms in order to target Mac OS X users. They revealed the existence of Backdoor.OSX.Mokes, an OS X-based variation of the Mokes malware family which was discovered back in January. According to the team, the malicious code is now able to operate on all major operating systems including Windows, Linux and Mac. IT security experts from AlienVault, ESET and Tenable Network Security commented below.
Jaime Blasco, Vice President and Chief Scientist at AlienVault:
“The use of cross-platform malware is not new. Actually, we reported a few cases in the past of attackers targeting Mac OS X and Windows with similar backdoors and the same Java exploit.
The malware has keylogging capabilities and it is able to steal files, take screenshots and capture audio/video, similar capabilities to other “sophisticated” Mac OS X malware we analyzed recently.”
Mark James, Security Specialist at ESET:
“What is interesting about this particular malware is its ability to now infect any platform. It has shifted its attention to the Mac platform after already targeting Windows and Linux; its goal is stealing data and includes snapshotting screen activity, monitoring removable media and recording video and audio. Any of these features could enable all manner of personal data to be captured and sent offsite, but together almost none of your personal info is safe.
Keeping your data personal and safe is getting harder and harder these days. While you have no direct control of large corporate data breaches, you do have a very real control of securing your own data. Regardless of operating system platform, there are a few simple rules you should always apply: making sure your operating system is on the latest version, all applications are patched and updated to ensure you’re using the latest versions, as well as periodically checking to see if you still need or use them. Make sure you have installed a good, multi-layered, regularly updating internet security product; this is a very important part of securing your data whether you’re on Windows, Mac or Linux. Any and all help should be embraced in this modern-day cyberwarfare.”
Cris Thomas, Strategist at Tenable Network Security:
“OS X malware always gets a lot of press mentions because there is so little of it. There are thousands of Windows or Android malware variants discovered every day and OS X malware by comparison is relatively rare.
“This particular piece of OS X malware appears to be able to do all sorts of nasty stuff like take screenshots, take control of the microphone and camera, search for office documents, and record keystrokes. While all of those features can cause a lot of damage and could compromise personal information including bank accounts, there does not seem to be any direct monetization features. This makes me wonder what main purpose the authors of this malware intended it to serve.
“Apple will most likely push out a signature update shortly, and users should have automatic updates turned on so they can get the new signatures as soon as possible.”