back to article Java-based malware tries Mac-smacking cross-platform attack

Malware-writers have developed a Java-based, equal-opportunity botnet Trojan in an apparent bid to infect more machines outside the Windows ecosystem. IncognitoRAT uses source code and libraries that allow it to attack both Windows and Mac machines, at least in theory. Only the Windows version of the malicious downloader has …

COMMENTS

This topic is closed for new posts.
Silver badge
Happy

Wahey!

I feel proud, being a Mac user, finally being considered worthy enough to be attacked by a "virus/trojan" that's also available on Windows too!

What a day!

4
0
Alien

Write once, pwn anywhere?

Show me a working example ..

1
2
Happy

See?

This is a Mac virus, send this to all your contacts and wipe your harddisk,

Thank you for your cooperation.

2
0
Silver badge

applause!

Big ups and a big +1 to you on that one.

All you members of the Windows Priesthood can mock all you want, but at least for the most part, MacOS doesn't come out of the box with its security set to Hack Me, Backdoor Me, Root Me, Trojan Me, Pwn Me.

4
6
Anonymous Coward

I don't get it

If they've convinced you to download an exe file what's the point of using Java? Haven't they already got less restrictive access to the machine via a native executable than they would via a Java application?

0
0
Silver badge
Grenade

I don't know about other MacFreaks out there...

...but in my studio, Java Runtime is, itself, treated as malware and fought without mercy.

3
4

pwn2own confusion

Lots of people know OS X fell in pwn2own, few know the extent of what that actually means based on the contest rules.

Execution of code was completed, yes, BUT, only through MANUAL intervention, and only at user code level authority. Code was NOT installed, root or other escalated permissions were not attained, a bot/trojan/virus could not be deployed or left behind, and the server receiving the "tricked" connection to a pre-generated web site (successful phishing attack required first) required the hacker to be online to accept the incoming attack and directly interact with the pwnd machine. They also did not acquire or bypass keychain (though IF you could get code escalated and running on a mac (possible directly, but not yet proven remotely), there was an exploit shown (now patched) to do that.

Remote code installation on OS X has never once been demonstrated, even using now-patched vulns under the assumption a user had not yet installed the patches, that had escalated admin permissions and/or the ability to access secured portions of OS X or the keychain. There are ways proven to compromise a mac, yea, but they are not capable of being automated, and can not self spread, they all require a central server, making therm easy to block and stop, and first the user has to be tricked for that to even be possible. Proof of concepts of defeating one or more layers of security, making assumptions that other barriers can/will be breached, have been shown, and every individual layer of security has been breached, but no hacker or security team has ever shown a complete path to enable that remotely.

More so, if you could get a virus installed on OS X, it would dance in the tray when running, show up in task manager, in general be easy to spot. Really the only viable ways to get an app in here boil down to tricking the user to go to a site, tricking them to download code, tricking them to type their keychain password, even use the mac installer itself, and all this boild down to damned easy to detect with AV software activity.

I'm not suggesting this can;t be done, that OS X can not be compromised, but I am suggesting people get a grip, and understand just what Pwn2Own is, and that the methods used provide very, very low level risks, and simply because a Mac fell does not mean it can be remotely compomised (yet). Also, everything known for pwn2own is handed over, and those vulns patched.

And in this case, it doesn't even appear the Mac cross-code even works... just that yet another coder tried and failed.

5
2
This topic is closed for new posts.

Forums