Congratulations, hackers: you have finally defeated my dear Linux and Macintosh too. We are all familiar with the viruses and Trojans that affect Windows, and now Linux and Mac have felt hackers' skills as well. To the surprise of the tech world, security researchers from F-Secure have discovered a web exploit that detects the user's operating system and injects the corresponding Trojan into it. The primary attack from the exploit was suffered by a Colombian transport website that had been down. The malware is known as GetShell.A, and it requires a Java applet installation before it can proceed.
Let's take a look at this Trojan. Its action is actually very simple. This cross-platform malware detects whether you are running Windows, Mac OS X, or Linux and downloads the corresponding malware to your PC. The malicious files install on the user's PC and connect to a command-and-control server at IP address 184.108.40.206, the server that F-Secure has traced to that address. Karmina Aquino, a senior analyst on the F-Secure research team, said:
“All three files for the three different platforms behave the same way. They all connect to 220.127.116.11 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively.”
All the downloaded file actually does is connect to the command-and-control server and wait for further instructions from it. From there, an attacker can push other malicious files from their inventory and also steal important data from the user's device. According to F-Secure, the Trojan downloader is believed to have been written using the Social-Engineer Toolkit, an open-source Python tool for penetration testing.
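The address and ports quoted above are enough for a first network check. The following is an added example, not code from F-Secure or from the original post: it scans flow records for internal hosts that contacted either address given on this page and maps the port to the payload platform from the quote. The CSV layout, internal host addresses, and timestamps are constructed for illustration.

```python
import csv
import io

# Indicators as stated on this page (it quotes two addresses for the C2 server).
C2_ADDRESSES = {"184.108.40.206", "220.127.116.11"}
# Port-to-payload mapping from the F-Secure quote above.
C2_PORTS = {8080: "OSX", 8081: "Linux", 8082: "Windows"}

# Constructed sample flow records; the column layout is an assumption.
SAMPLE_FLOWS = """\
timestamp,src_ip,src_os,dst_ip,dst_port
2012-07-11T09:14:02Z,10.0.4.17,OSX,184.108.40.206,8080
2012-07-11T09:14:40Z,10.0.4.23,Windows,220.127.116.11,8082
2012-07-11T09:15:11Z,10.0.4.31,Linux,220.127.116.11,8081
2012-07-11T09:16:05Z,10.0.4.40,Windows,184.108.40.206,443
2012-07-11T09:17:30Z,10.0.4.52,Linux,198.51.100.7,8080
2012-07-11T09:18:12Z,10.0.4.17,OSX,184.108.40.206,8080
"""

def find_getshell_beacons(flow_csv):
    """Return one finding per internal host that contacted a listed C2 address."""
    findings = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["dst_ip"] not in C2_ADDRESSES:
            continue  # same port on an unrelated server is not an indicator
        port = int(row["dst_port"])
        hit = findings.setdefault(row["src_ip"], {
            "host": row["src_ip"], "os": row["src_os"], "ports": set(),
            "payloads": set(), "connections": 0,
            "first_seen": row["timestamp"]})
        hit["connections"] += 1
        hit["ports"].add(port)
        if port in C2_PORTS:
            hit["payloads"].add(C2_PORTS[port])
    for hit in findings.values():
        # high: a quoted C2 port was used; low: C2 address reached on another port
        hit["severity"] = "high" if hit["payloads"] else "low"
    return sorted(findings.values(), key=lambda h: h["host"])

if __name__ == "__main__":
    for hit in find_getshell_beacons(SAMPLE_FLOWS):
        print(hit["severity"], hit["host"], hit["os"], sorted(hit["ports"]),
              hit["connections"], hit["first_seen"])
```

A host flagged "high" has reached the server on one of the three quoted ports and should be treated as running the downloader until examined.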
And we have to be more careful, because on 29th July 2012 at World Hackers Conference 2012, researchers Sina Hatef and Arash Shirkhorshdi are to introduce Graviton, which is also cross-platform malware. So hackers are now moving into the world of Apples and great Penguins rather than staying with Windows. Through Graviton, an attacker can get information about your PC such as CPU details, disk details, memory usage, OS version, and username. Graviton is written in C and ASM.
Reading all these facts, you can see that no manufacturer can offer 100% security in their devices and operating systems, because hackers have shown their skills by exposing all operating systems to a serious security threat. So, as usual, we say: be careful before doing anything on the web.