U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

The raise of Multi-platform malware

The malware factory still evolving, every day security firms detect new cyber threats that show new sophisticated techniques to avoid protection systems, this is a war that law enforcement fight against cyber criminals. Internet has a new web exploit produced by crime industry, its particularity is that in the deployment phase it is able to […]

The raise of Multi-platform malware

The malware factory still evolving, every day security firms detect new cyber threats that show new sophisticated techniques to avoid protection systems, this is a war that law enforcement fight against cyber criminals.

Internet has a new web exploit produced by crime industry, its particularity is that in the deployment phase it is able to detect the OS of the host and choose the appropriate malware to launch to infect it.

Windows, Linux or Mac OS, no one is safe, that is the result of the discovery made by the experts of the security firm F-Secure that have isolated what is considered a multi-platform backdoor on Colombian Transport site.

Multi-platform attacks are rarer, they represent a considerable evolution to take into account.  Of course the multi platform malware represent a great evolution for the cyber crime because they give the opportunity to an attacker to infect the major number of machines independently from

The mechanism is simple, using a Jar the backdoor is able to identify the OS and after download the right files to infect the machine.

Once identified the type of operating system that is running, the Java class file will download the appropriate malware, with the purpose to open a backdoor to allow remote access to your machine.

Following is reported the source code of the applet used to distinguish the running OS on victim pc.

Of course the attack must be completed with a sort of social engineering, in order to accept the malicious file the internet users are circumvented by proposing to run a benign singned applet.

 

The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249.

The F-Secure blog post reported also the following info to qualify the malware:

Trojan-Downloader:Java/GetShell.A (sha1: 4a52bb43ff4ae19816e1b97453835da3565387b7)
Backdoor:OSX/GetShell.A (sha1: b05b11bc8520e73a9d62a3dc1d5854d3b4a52cef)
Backdoor:Linux/GetShell.A (sha1: 359a996b841bc02d339279d29112fe980637bf88)
Backdoor:W32/GetShell.A (sha1: 26fcc7d3106ab231ba0ed2cba34b7611dcf5fc0a)

The MacOSX sample is a PowerPC binary, as such, executing the file in an Intel-based platform will require Rosetta.

We must specify that this isn’t the first multi-platform malware detected, in 2010 was detected for example the Boonana malware which also used a malicious Java applet to spread itself on multiple machine.

Malware of this type will increase in number in coming months, no platform is immune so it is desirable that the internet user is aware of the cyber threats and take appropriate precautions.

Pierluigi Paganini