Multi-platform backdoor malware targets Windows, Mac and Linux users

Filed Under: Apple, Java, Linux, Malware, Windows

Windows, Linux, Mac OS X under attackMost of the malware that we analyse inside SophosLabs targets Windows users.

And that makes sense for the cybercriminals - after all, more people are using Windows as their desktop operating system than any other platform.

But if malicious hackers want to go the extra mile, and maximise their chances of infecting more people's computers, they might well try to develop a multi-platform attack.

Yesterday, our friends at F-Secure discovered malware on a compromised Colombian transport website that was capable of infecting Windows, Mac and Linux users.

Visiting a hacked webpage, triggers a JAR (Java Archive) file which will ask permission to do its business - secretly determining if you are running Windows, Mac OS X or Linux.

Section of Java code

Once it has found out which operating system you are running, the Java class file will download the appropriate flavour of malware, with the intention of opening a backdoor that will give hackers remote access to your computer.

Sophos products detect the various components of the attack as Troj/JavaDl-NJ, Mal/Krap-D, OSX/Dloadr-DPG and Linux/Dldr-GV.

This isn't, of course, the first cross-platform malware that we have seen. For instance, in 2010 we saw the Boonana malware which similarly used a malicious Java applet to deliver a cross-platform attack that attempts to download further malware on Windows, Unix and Mac OS X.

And earlier this year we saw a Python-based malware attack against both Macs and Windows PCs. Not to mention the numerous fake anti-virus attacks which have been created to infect the computers of Windows and Mac users alike.

Although the amount of malware written for different operating systems can vary, it's becoming increasingly hard to argue on any OS that it's safe to surf the web without anti-virus protection.

, , , ,

You might like

11 Responses to Multi-platform backdoor malware targets Windows, Mac and Linux users

  1. Richard · 1182 days ago

    Isn't that the mantra of Java - write once, infect anywhere? :o)

  2. snert · 1182 days ago

    Hmph! About time there's some equal oppertunity malware.

  3. Guest · 1182 days ago

    Disable Java in your browser... Simple... No?

    • Guest · 1133 days ago

      It can help although that is only a short term solution. By doing so you limit your potential on the Web. However it does offer a good temporary problem fixing whilst eliminating the threat.

  4. Delta2 · 1182 days ago

    Another sophos scaremonger ! You are not safe from any OS get sophos installed !

  5. sundropdev · 1181 days ago

    a user has to be prompted with a confirmation before this can what

  6. tjraptis · 1181 days ago

    It was only a matter of time until more multiplatform malware came

  7. Yitsl · 1181 days ago

    The article is neutral and deals with facts only.
    He acknowledges F-Secure as the product that originally identified the threat.
    This hardly seems like a scaremongering exercise by Sophos.
    Furthermore my computer has never been infected by another OS, only viruses, intruders, spyware, trojans & adware.
    I would prefer being told about the threats so I can protect my computer in whatever way I choose.
    As a long time Linux user I have always maintained that Linux is just as prone to infestation as any other OS. Right now it is a very small target, that's all.

    • BigC · 1180 days ago

      The "Linux is simply too trifling a target to bother attacking" was debunked a long time ago. See here:

      It's surprising that you, "as a long time Linux user," don't seem to understand that the differences in the security model between Linux and Windows. I guess this is not surprising since you claim your own computer has never been infected by another "OS," but has been infected by viruses, intruders, spyware, trojans, and adware. I suspect your comment is nothing but FUD (Fear, Uncertainty and Doubt), because if it's true "as a long time Linux user" you should have learned not to use the root account for daily activity a long time ago, and in fact almost every distribution prevents you from doing this unless you do it purposefully.

      The article also does not explain how the malware gains escalated privileges to write to protected areas of the system. On Windows this is usually just a matter of the desktop user already being an administrator. Good article anyway Graham, but would appreciate more details.

  8. It is based on Java and downloads the appropriate malware for each platform.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley