Multi-platform backdoor malware targets Windows, Mac and Linux users

Multi-platform backdoor malware targets Windows, Mac and Linux users

Windows, Linux, Mac OS X under attackMost of the malware that we analyse inside SophosLabs targets Windows users.

And that makes sense for the cybercriminals – after all, more people are using Windows as their desktop operating system than any other platform.

But if malicious hackers want to go the extra mile, and maximise their chances of infecting more people’s computers, they might well try to develop a multi-platform attack.

Yesterday, our friends at F-Secure discovered malware on a compromised Colombian transport website that was capable of infecting Windows, Mac and Linux users.

Visiting a hacked webpage, triggers a JAR (Java Archive) file which will ask permission to do its business – secretly determining if you are running Windows, Mac OS X or Linux.

Section of Java code

Once it has found out which operating system you are running, the Java class file will download the appropriate flavour of malware, with the intention of opening a backdoor that will give hackers remote access to your computer.

Sophos products detect the various components of the attack as Troj/JavaDl-NJ, Mal/Krap-D, OSX/Dloadr-DPG and Linux/Dldr-GV.

This isn’t, of course, the first cross-platform malware that we have seen. For instance, in 2010 we saw the Boonana malware which similarly used a malicious Java applet to deliver a cross-platform attack that attempts to download further malware on Windows, Unix and Mac OS X.

And earlier this year we saw a Python-based malware attack against both Macs and Windows PCs. Not to mention the numerous fake anti-virus attacks which have been created to infect the computers of Windows and Mac users alike.

Although the amount of malware written for different operating systems can vary, it’s becoming increasingly hard to argue on any OS that it’s safe to surf the web without anti-virus protection.