‘FIRST ever’ Linux, Mac OS X-only password sniffing virus spotted
Security researchers have discovered a potential dangerous Linux and Mac OS X cross-platform trojan.
Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server, and logs key presses to capture passwords and sensitive information typed by victims.
The program also grabs passwords submitted to Opera, Firefox, Chrome and Chromium web browsers, and credentials stored by applications including email client Thunderbird, web suite SeaMonkey, and chat app Pidgin. The malware then attempts to upload the gathered data to a server hosted in the Netherlands.
The software nastie was intercepted by Russian antivirus firm Dr Web, the company that carried out much of the analysis of the infamous Flashback trojan. Dr Web describes Wirenet-1 as the first Linux/OSX cross-platform password-stealing trojan.
Multi-platform virus strains that infect Windows, Mac OS X and Linux machines are extremely rare but not unprecedented. One example include the recent Crisis super-worm. Creating a strain of malware that infects Mac OS X and Linux machines but not Windows boxes seems, frankly, weird given the sizes of each operating system’s userbase – unless the virus has been designed for some kind of closely targeted attack on an organisation that uses a mix of the two Unix flavours.
Analysis work on the Wirenet-1 is ongoing and for now it’s unclear how the trojan is designed to spread. Once executed, it copies itself to the user’s home directory, and uses AES to encrypt its communications with a server over the internet. ®