Kaspersky Lab have discovered a sophisticated strain of malware which has shifted across platforms in order to target Mac OS X users. They revealed the existence of Backdoor.OSX.Mokes, an OS X-based variation of the Mokes malware family which was discovered back in January. According to the team, the malicious code is now able to operate on all major operating systems including Windows, Linux and Mac. IT security experts from AlienVault, ESET and Tenable Network Security commented below.
Jaime Blasco, Vice President and Chief Scientist at AlienVault:
“The malware has keylogging capabilities and it is able to steal files, take screenshots and capture audio/video, similar capabilities to other “sophisticated” MacOSX malware we analyzed recently.”
Mark James, Security Specialist at ESET:
“Keeping your data personal and safe is getting harder and harder these days. While you have no direct control of large corporate data breaches you do have a very real control of securing your own data. Regardless of operating system platform, there are a few simple rules you should always apply; making sure your operating system is on the latest version, all applications are patched and updated to ensure you’re using the latest versions as well as periodically checking to see if you still need or use them. Make sure you have installed a good multi-layered regularly updating internet security product; this is a very important part of securing your data whether you’re on Windows, Mac or Linux. Any and all help should be embraced in this modern day cyberwarfare.”
Cris Thomas, Strategist at Tenable Network Security:
“This particular piece of OS X malware appears to be able to do all sorts of nasty stuff like take screenshots, take control of the microphone and camera, search for office documents, and record keystrokes. While all of those features can cause a lot of damage and could compromise personal information including bank accounts, there does not seem to be any direct monetization features. This makes me wonder what main purpose the authors of this malware intended it to serve.
“Apple will most likely push out a signature update shortly, and users should have automatic updates turned on so they can get the new signatures as soon as possible.”