Mac (and Linux) hit by another dangerous trojan

The Mac is facing another dangerous malware onslaught, but this time cybercriminals are targeting Linux, too. Dr. Web, the same people who caught the infamous Flashback Trojan earlier this year, say that Wirenet is being used to steal the passwords of Mac and Linux users.

Wirenet targets passwords stored in browsers like Chrome, Firefox, and Opera (strangely, it doesn’t seem to be targeting Safari, the Mac’s default browser), as well as email and messaging apps Thunderbird and Pidgin. And even though it’s only specifically targeting those apps, don’t think any of your data is safe, since Wirenet includes a keylogger to capture every single thing you type.

Once it’s installed itself in your home directory, Wirenet masquerades as an unassuming Wi-Fi utility called ‘WIFIADAPT.’ That’s where the gap in our data starts to show, too, since Dr. Web is still investigating how the malware is actually being spread.

If you’re using a system that could potentially be infected, you’ve got a couple of recourses. There’s the obvious route of depending on Dr. Web’s anti-virus products to keep you safe (they’d like that, wouldn’t they?), or the less obvious step of blocking the server that’s controlling Wirenet. Doing this is apparently a simple matter of cutting off communication with the IP address 212.7.208.65. Exactly how you do that will depend on what kind of system you’re using, but we think you’ll be able to figure it out.
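The two indicators above (the WIFIADAPT name in the home directory and the control server address) can be checked from a terminal. This is an added example, not code from the article or from Dr. Web; the `WIFIADAPT*` filename pattern and the function names are assumptions, since the article gives only the name.

```sh
#!/bin/sh
# Added example: triage for the two Wirenet indicators given in the article.
C2_IP="212.7.208.65"                 # control server address from the article
C2_RE='(^|[^0-9.])212\.7\.208\.65[.:][0-9]+'   # IP followed by :port or .port

# List top-level entries of a home directory whose name starts with WIFIADAPT.
# Assumption: the article gives the name only, so any suffix is accepted.
find_artifacts() {
    find "$1" -maxdepth 1 -iname 'WIFIADAPT*' 2>/dev/null
}

# Filter connection-table text on stdin (e.g. `netstat -an`) down to lines
# that involve the control server. Handles Linux "ip:port" and macOS "ip.port".
c2_connections() {
    grep -E "$C2_RE"
}

# Print the outbound block for the given `uname -s` value.
block_rule() {
    case "$1" in
        Linux)  echo "iptables -I OUTPUT -d $C2_IP -j DROP" ;;
        Darwin) echo "block drop out quick from any to $C2_IP" ;;  # pf.conf line
        *)      return 1 ;;
    esac
}

# Run both checks against a home directory and print the matching block rule.
wirenet_triage() {
    home="${1:-$HOME}"
    hits=$(find_artifacts "$home") || true
    conns=$(netstat -an 2>/dev/null | c2_connections) || true
    rule=$(block_rule "$(uname -s)") || rule="(no rule known for this OS)"
    [ -n "$hits" ]  && printf 'Suspicious file(s):\n%s\n' "$hits"
    [ -n "$conns" ] && printf 'Connections to %s:\n%s\n' "$C2_IP" "$conns"
    [ -z "$hits$conns" ] && echo "No Wirenet indicators found in $home"
    echo "Block rule (apply as root): $rule"
}

wirenet_triage "$@"
```

On a Mac the printed rule is a line for /etc/pf.conf, loaded with `pfctl -f /etc/pf.conf` and enabled with `pfctl -e`; on Linux it is a command to run as root.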

It’s becoming increasingly apparent that the Mac is not safe from malware (although, as we’ve pointed out before, the fact that something like this is making the news goes to show that it’s still not as widespread a problem as it is on certain other platforms).

What we haven’t heard a lot about, though, is Linux infections. Even though Linux represents a tiny blip on hackers’ radar, it may be worth your time to consider investing in a little extra protection – or just common sense – next time you’re using a Linux box.

Source: ITWire | Via: Help Net Security

17 Comments

Pretty crap article, doesn't mention anything about it, one comment mentions Java in which case that's not a problem with Mac/Linux and would also affect Windows and Blu-ray players or if it's a static-compiled binary or what.

It will be happening more and more in the Mac/Linux world in future too.

Nice to know we won't be hearing these stupid comments about "I'm running a Mac/Linux OS, so I can't get infected" anymore pretty soon.

This must be impossible because I've been hearing for years that Linux is immune to viruses and/or malware ... Does this mean global warming is happening too?

thomastmc said,
This must be impossible because I've been hearing for years that Linux is immune to viruses and/or malware ... Does this mean global warming is happening too?

Immune? No. Unable to successfully spread? You betcha.

simplezz said,

Immune? No. Unable to successfully spread? You betcha.

So it used to be that Linux couldn't get a "free in the wild" virus, now they just can't spread.. Pretty soon it will be that the viruses on Linux just aren't as bad..

FWIW this uses a security bug in a new feature present in Java 7, which does not come with Mac OS X. Apple's only shipped Java 6 for Mac OS X and it does not have this bug.

BBBBuuut, they don't get attacked or have viruses, as they were designed by people so smart that they are impervious to attacks. It is only the idiots at Microsoft that design operating systems that are capable of being attacked.

/sarcasm

What we haven't heard a lot about, though, is Linux infections. Even though Linux represents a tiny blip on hacker's radar, it may be worth your time to consider investing in a little extra protection - or just common sense - next time you're using a Linux box.

You might not want to downplay the Linux angle too much...

Depending on how it gains access, every Linux or FreeBSD based router, switch, server and various other networked devices that are SELDOM scanned should be checked.

This is still one of the largest growing security problems on the internet as a whole, as an infected/bot router, switch, server that handles packets, can screen and inject malware into targeted software, and with clients that do not fully verify content hidden in the injected content allows for easy infection of many types of systems.

Part of the problem is the lack of access to many of these devices and the methods to check for malware are closed to the admin/user by the manufacturer.


I'll repeat what hacking groups have said, they use FreeBSD and Linux servers to create an attack army.

Anyone running ANY OS, should have malware identification software, even if they do not run it in realtime, and it has full access to override any locks to check the system, even if the attack happens below the OS.

Windows 7, use MSE - Windows 8 it is all built in, and don't install 3rd party crap, it really is not needed, as Defender is a full malware adaptation of Microsoft enterprise Forefront technologies combined with other OS level security protections like the layered firewall to PCA and other systems that 3rd party tools could never replicate, nor do it as efficiently.

Linux, Mac... There are several, most still suck because of their lack of maturity in detection and lack of comprehensive scanning because they often are ported products from the Windows world that does not have the same security or holes to check.

Looks like creating a ~/WIFIADAPT folder and making it unwritable for the user would stop the trojan :-/

I wish we could dispense with the "my os doesn't get viruses" advertising which at best creates a false sense of security and at worst leaves systems vulnerable.

TPreston said,
I wish we could dispense with the "my os doesn't get viruses" advertising which at best creates a false sense of security and at worst leaves systems vulnerable.

It's not that the system (GNU/Linux) can't be infected with malware, it's just that it's so much more difficult to infect that none has ever been successful.

There are a few reasons for this:
1. Software repositories. Users don't need to download random binaries when it's all there ready to download from peer reviewed repositories.
2. Programs usually come in tarball or package manager formats (deb, rpm), so a single binary file is itself suspicious unless downloaded from a reliable source.
3. Executables need chmod +x permission to run.
4. No virus or malware has ever successfully infected multiple GNU/Linux machines. It's a heterogeneous environment and makes life difficult for malware. The best you'll ever see is proof of concepts like this, but no real world successful ones.

simplezz said,
1. Software repositories. Users don't need to download random binaries when it's all there ready to download from peer reviewed repositories.

Until you want something that's out of date in the repository, or not available at all. Then you're off downloading from elsewhere. Download this deb, use our PPA, run this script, etc etc.. hey it's on Linux, so it's got to be trustworthy right? Or are you going to say that every Linux user is an expert and doesn't do stupid things? (Which kind of goes counter against the whole "Linux for the masses" thing that comes and goes.)

simplezz said,
2. Programs usually come in tarball or package manager formats (deb, rpm), so a single binary file is itself suspicious unless downloaded from a reliable source.

What, you think that malware authors don't know how to create an archive?

simplezz said,
3. Executables need chmod +x permission to run.

Which is kindly provided by said archive, above.

simplezz said,
4. It's a heterogeneous environment and makes life difficult for malware. The best you'll ever see is proof of concepts like this, but no real world successful ones.

I'd be curious to see what happens when/if commercial gaming actually makes it to Linux.. once the cracks start showing up the malware won't be far behind. Namely, it'll increase when it's actually worth the effort to write malware in the first place, the tiny market share really doesn't justify it as it's usually motivated by money in the first place.

TCLN Ryster said,
But Macs and Linux don't get viruses?!?! /s

Sorry, someone had to say it

Oh there are viruses, malware and rootkits, it's just none are successful (at least on GNU/Linux). Most *nix users get their software from repositories, which means they don't download suspicious random binaries. In addition to that, any executable has to be given explicit chmod +x permissions to run on Linux.

All in all, this is just another proof of concept designed to frighten people. If anyone can demonstrate a working piece of malware or virus that's actively infecting GNU/Linux machines, then I'd be impressed, otherwise, I'll just chalk this up to more anti-virus company propaganda.

TCLN Ryster said,
But Macs and Linux don't get viruses?!?! /s

Sorry, someone had to say it

HA! It's easier to hack into Linux or a Mac (BSD) in person in like 20 seconds and steal passwords than install a virus.

ok so just got my first macbook over a week ago and wondering now, what is the best free Antivirus client for it now?


SMELTN said,
ok so just got my first macbook over a week ago and wondering now, what is the best free Antivirus client for it now?

I'm using Sophos Anti-virus for Mac