New Java Malware Exploits Both Windows And Mac Users

Symantec has discovered a new form of Java malware that infects both Apple and Windows machines, according to research posted on the company’s Security Response blog.

The entry, written by researcher Takashi Katsuki, describes a strain of Java applet malware that drops either Python-based malware on Mac OS X or an executable form of malware on Windows. If opened, either payload could launch a Trojan horse that opens a back door on the computer, regardless of the platform.

The applet exploits the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download its payload.

According to the post, the Mac back door Trojan can currently only control polling times, or “how many times it gets commands from the server at certain time intervals.” If enabled, however, the Trojan can also download files, list files and folders, open a remote shell, sleep, or upload files.

The Trojan for Windows can send information about the infected computer and disk, its memory usage, OS version and user name, in addition to downloading and executing files and opening shells to receive commands.

The news of this malware comes on the heels of Flashback and SabPub, two forms of malware that have been targeting Mac users throughout the first quarter of this year via another vulnerability in Java.

The vulnerability CVE-2012-0507 — an older Java flaw that was recently blocked by Mozilla’s Firefox — was used by some Flashback variants earlier this month, before being patched by Apple.

Discussion

  • Anonymous on

    Apple didn't adequately prepare for malware, so now they plan to close their platform as a solution. What they should have done is set up all new Macs with three users: OS X root only password for software updates and trusted third kernel extensions. Admin password for cross account control, program installs, emergency use and General User (with admin access). OS X in root runs a monitor that checks what's going on and makes sure the user knows about it or reports any suspicious activity to Apple, then can warn other Macs (user opt out of course), then the infected machines are restored automatically. Turn it on, you're safe; turn it off, anything can happen, it's their fault. No need for closed MAS Disney World. Third party kernel extensions? Shouldn't break the machine if they don't load, are unstable or outdated; the machine should boot just fine without them and automatically disable them, not give gray screens and other issues. If OS X itself has a glitch? The firmware should have auto OS X restore from an encrypted recovery partition/flash memory and in the process prompt the user to connect an external source to auto copy their user data off. In other words nothing software related should affect the machine, only if hardware breaks. Oh well. *sigh* :(
  • Anonymous on

    So where are all of the Mac fanboys? Are they holding their hands over their ears while chanting "Macs don't get malware... Macs don't get malware!"