Linux and Windows Backdoor Trojan is Now Able to Infect Mac OS

A backdoor Trojan, which, until now, was able to infect only Windows and Linux systems, now has a Mac version as well, researchers say.

The threat, dubbed Linux.Ekocms, was first discovered in January this year by Dr.Web's research team and, at first, it was thought to infect only PCs running Linux. Using it, the crooks were able to take screenshots and record audio on the targeted computers.

Ten days after Dr.Web's discovery, the security company Kaspersky found a Windows version of the backdoor Trojan, which had most of the same features. This malware was detected under the name Mokes.

However, after analyzing the Windows Mokes samples, Kaspersky discovered that the malware was coded in C++ and Qt. They explained that Qt is a cross-platform application framework, which, theoretically, would allow Mokes to infect Mac devices as well.

Two days ago, on September 7th, Kaspersky reported that it had detected the first Mokes samples that were, in fact, able to target Mac systems.

The OS X version of Mokes has the same spying features as the Linux and Windows versions. The Trojan can infect Mac machines, where it establishes an encrypted connection with the Command and Control server.

Through this connection to the attacked Macs, the cybercriminals are able to send the Trojan instructions. These commands include scanning for office-related documents, capturing audio and video from the device's microphone and camera, taking screenshots of the user's desktop, and logging keystrokes.

Recently, the number of threats attacking Mac and Linux systems has risen significantly. For instance, in July, Bitdefender's researchers stumbled across another piece of malware, named Eleanor, which was using Tor to establish a connection on the targeted machines and steal information.

One day later, ESET experts detected a Mac-targeting Trojan, Keydnap, which is able to steal passwords from the Keychain utility and send them to the crooks' server.
