Cross-Platform Trojan Steals Passwords

Thursday, August 30, 2012 @ 05:08 PM gHale

There is a potentially dangerous Linux and Mac OS X cross-platform Trojan on the loose.

Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information.

The program also grabs passwords submitted to Opera, Firefox, Chrome and Chromium web browsers, and credentials stored by applications including email client Thunderbird, web suite SeaMonkey, and chat app Pidgin. The malware then attempts to upload the gathered data to a server hosted in the Netherlands.

Russian antivirus firm Dr Web discovered the Trojan. Dr Web described Wirenet-1 as the first Linux/OSX cross-platform password-stealing Trojan.

Multi-platform virus strains that infect Windows, Mac OS X and Linux machines are extremely rare but not unprecedented. One example is the Crisis worm. Creating a strain of malware that infects Mac OS X and Linux machines but not Windows boxes is unusual, since Windows machines have such a huge installed base. But some security experts said the creators may have designed the Trojan for a targeted attack that focuses purely on Mac OS X and Linux.

Analysis of Wirenet-1 is ongoing, and for now it's unclear how the Trojan would spread. Once executed, it copies itself to the user's home directory and uses AES to encrypt its communications with a server over the Internet.
