Dr Web discovers the first Linux/OSX cross-platform trojan

According to Dr Web, the trojan is the first known malware sample able to run under both Linux and OSX. It is a backdoor that uses AES encryption to communicate with a C&C server at the IP address 212.7.208.65 (which resolves to a location in the Netherlands).

Wirenet uses a keylogger to capture data entered by the user, including passwords entered into browsers such as Firefox, Opera, Chrome and Chromium (the open-source version of Chrome), and into apps such as Thunderbird (an open-source email client), SeaMonkey (an open-source internet suite comprising a browser, email and news, an HTML editor and an IRC client), and Pidgin (an open-source multi-platform instant messaging client).

Dr Web doesn’t yet know how the malware is spread, only that when launched, it creates a copy of itself in the user's home directory. Its analysis is continuing.
