Apple Macs Targeted By Crimeware Toolkit

Published : 22/11/2024   Category : security



The OS X operating system now faces botnet software as well as a fake antivirus campaign launched via Google image searches on Osama Bin Laden.



Malware aimed at Macs has unexpectedly spiked in the early days of May. For starters, security experts are warning that the first-ever automated do-it-yourself crimeware kit that targets Apple OS X computers is now for sale on underground forums.
Detailed information about this crimeware kit is not being leaked publicly and the authors of the kit are obviously trying to stay below the radar, allowing only vetted users of the forums to see most of the content, according to a Tuesday blog post from Peter Kruse, partner and security specialist at Danish information security firm CSIS Security Group. The crimeware toolkit is marketed as Weyland-Yutani BOT and retails for $1,000. Its creators have also promised forthcoming versions for Linux and the iPad.
Based on videos obtained by CSIS, Kruse said that the toolkit appears to be fully operational. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel, and supports encryption, he said. The Weyland-Yutani BOT supports Web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and [SpyEye].
Kruse said the emergence of an advanced crimeware toolkit that targets Macs is quite disturbing news since MacOS previously to some degree has been spared from the increasing amount of malware which has haunted Windows-based systems for years.
Interestingly, on Tuesday, security software vendor Intego issued another Apple-related security warning, in this case for MACDefender, which is new fake antivirus software that targets Apple users. Also known as fake AV or scareware, such software pretends to be legitimate antivirus software, but in fact is fake software designed to con users into paying for it. Like much scareware, MACDefender spreads via poisoned search engine results, including searches relating to the death of Osama bin Laden.
According to a post to the SANS Internet Storm Center from Rob VandenBrink, a senior consulting engineer at Canadian consulting company Metafore, some users are reporting that the software demands $99 upon installation, payable immediately via PayPal.
The scareware file arrives as a compressed zip file containing a JavaScript executable. VandenBrink warned that if you have "Open 'safe' files after downloading" enabled in Safari, downloading this file will auto-install this code.
According to Intego's security advisory, the risk posed by MACDefender is relatively low, and while the scareware is circulating in the wild, it's doing so in relatively small quantities.
That said, the software does a good job of disguising itself as the real deal. Furthermore, the malware can also make a major nuisance of itself. MACDefender also opens Web pages for pornographic websites in the user's Web browser every few minutes. This is most likely to make users think that they are infected by a virus, and that paying for MACDefender will relieve them of the problem, said Intego.
While the software is relatively harmless, it's interesting because to date no scareware creators have bothered to target Apple OS X computers. In the past, these types of sites--very common vectors of Windows malware--only delivered Windows .exe applications, said Intego. The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare. While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application.
