Create A Mac Zombie Army, Cheap: Hacker Emptor

Published : 22/11/2024   Category : security




NetWeird malware toolkit promises to convert Macs into zombies ready to do botnet bidding. But some security experts say this is a case of criminals trying to out-scam each other.



Going once, going twice: The new NetWeird toolkit can be used to infect Apple OS X systems, converting Macs into zombies ready to do your botnet bidding, with prices starting at just $60.
That's the pitch for cross-platform malware that's recently been spotted for sale on underground forums by information security researchers at Mac antivirus software maker Intego.
All told, the remote-access and data-pilfering malware can monitor running processes, send shell commands, take screenshots, download and run files, and identify front-most window titles, according to an analysis of NetWeird (a.k.a. NetWrdRC) published by Sophos. In addition, it said, the malware can harvest stored and encrypted usernames and passwords from Opera, Firefox, SeaMonkey, and Thunderbird browsers and mail clients. It's able to infect Apple OS X (versions 10.6 and newer), Linux, Solaris, and Windows systems.
Security researchers have yet to recover the dropper, or installer, used to get the malware onto targeted systems, but once there, the Mac version of the application has a minuscule footprint: just 77K. Once installed, it attempts to phone home to a command-and-control server in the Netherlands.
But while the malware's price point, relative to more established players such as the Zeus financial toolkit or the Crisis malware, makes it a bargain, the attack code comes with a catch: it's riddled with amateur errors, making it less a threat to targeted operating systems than to your wallet.
Focusing only on the Mac version, the developers' ineptitude starts with the placement of the malware application itself, titled WIFIADAPT.app.app, which shows up in the Apple user's home folder. Next to Downloads, Desktop, Music, and other essential folders, the malware sticks out like a sore thumb.
The malware also lacks any state-of-the-art obfuscation techniques, "although the website for the developers of NetWeirdRC also lists the undetected nature of this tool as a selling point," said Lysa Myers, a security researcher at Intego, in a blog post. But security through obscurity is an unreliable proposition, and in the case of the publicity now enjoyed by NetWeird, it's obviously no longer a valid selling point.
NetWeird also has a persistence problem: thanks to a coding error, malware infections on Macs seem unable to survive a reboot. "It adds itself to your login items, presumably with the intention of loading up every time you reboot your Mac," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post. "But a bug means that it adds itself as a folder, not an application. All that happens when you log back in is that Finder pops up and displays your home directory."
The malware also chokes in the face of new Apple OS X security controls. On any Mac running the latest operating system, Mountain Lion (a.k.a. 10.8), set to default security settings, the malware won't be able to install itself, because it's not from the App Store and isn't digitally signed by an Apple-endorsed developer, said Ducklin.
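The three Mac-side weaknesses above (an app bundle dropped in the home folder root, a login item that points at a folder rather than an application, and a Gatekeeper rejection under default settings) are also the cheapest things to hunt for. The script below is an added example written for this page, not code from the article, Intego or Sophos. It assumes the login-item list can be read with an `osascript` query against System Events and that `spctl --assess --type execute` is the Gatekeeper check; both are only attempted when the tool exists on the host, so the scan and classification logic also runs on a non-Mac against a constructed sample home directory. The `WIFIADAPT.app.app` fixture it builds is an empty folder, not the malware.

```python
import os
import shutil
import subprocess
import tempfile

# Folders Apple creates in every home directory; anything else at the top
# level that is named like an app is the "sore thumb" the article describes.
STANDARD_HOME_DIRS = {
    "Applications", "Desktop", "Documents", "Downloads", "Library",
    "Movies", "Music", "Pictures", "Public",
}


def is_app_bundle(path):
    """True only for a directory laid out like a real .app bundle: it must
    contain Contents/MacOS with at least one executable file."""
    macos_dir = os.path.join(path, "Contents", "MacOS")
    if not os.path.isdir(macos_dir):
        return False
    return any(
        os.path.isfile(os.path.join(macos_dir, n)) and os.access(os.path.join(macos_dir, n), os.X_OK)
        for n in os.listdir(macos_dir)
    )


def scan_home(home):
    """Return {path: [reasons]} for suspicious top-level entries in `home`."""
    findings = {}
    for name in sorted(os.listdir(home)):
        if name.startswith(".") or name in STANDARD_HOME_DIRS or not name.endswith(".app"):
            continue
        full = os.path.join(home, name)
        reasons = ["application bundle dropped in home folder root"]
        if name.count(".app") > 1:               # WIFIADAPT.app.app style
            reasons.append("doubled .app extension")
        if os.path.isdir(full) and not is_app_bundle(full):
            reasons.append("named like an app but has no Contents/MacOS executable")
        findings[full] = reasons
    return findings


def classify_login_items(paths):
    """How login will treat each item: 'app' launches, 'folder' only opens a
    Finder window (the NetWeird bug), 'file' opens in its handler, 'missing'
    does nothing."""
    kinds = {}
    for path in paths:
        if not os.path.exists(path):
            kinds[path] = "missing"
        elif is_app_bundle(path):
            kinds[path] = "app"
        elif os.path.isdir(path):
            kinds[path] = "folder"
        else:
            kinds[path] = "file"
    return kinds


def login_item_paths():
    """Read the current user's login items via System Events (macOS only; the
    AppleScript query is an assumption of this example). Empty list elsewhere."""
    if shutil.which("osascript") is None:
        return []
    query = 'tell application "System Events" to get the path of every login item'
    res = subprocess.run(["osascript", "-e", query], capture_output=True, text=True)
    if res.returncode != 0 or not res.stdout.strip():
        return []
    return [p.strip() for p in res.stdout.strip().split(",")]


def gatekeeper_rejects(path):
    """True if Gatekeeper refuses to run `path` (unsigned / not from the App
    Store under default settings), False if accepted, None if spctl is absent."""
    if shutil.which("spctl") is None:
        return None
    res = subprocess.run(["spctl", "--assess", "--type", "execute", path],
                         capture_output=True, text=True)
    return res.returncode != 0


def build_sample_home():
    """Constructed fixture: a fake home with an empty WIFIADAPT.app.app folder
    next to a properly laid out Real.app. Not real malware."""
    home = tempfile.mkdtemp(prefix="fakehome-")
    for d in ("Desktop", "Downloads", "Music"):
        os.mkdir(os.path.join(home, d))
    bad = os.path.join(home, "WIFIADAPT.app.app")
    os.mkdir(bad)
    good = os.path.join(home, "Real.app")
    exe = os.path.join(good, "Contents", "MacOS", "Real")
    os.makedirs(os.path.dirname(exe))
    with open(exe, "w") as fh:
        fh.write("#!/bin/sh\nexit 0\n")
    os.chmod(exe, 0o755)
    return {"home": home, "bad": bad, "good": good, "missing": os.path.join(home, "Gone.app")}


if __name__ == "__main__":
    for path, reasons in scan_home(os.path.expanduser("~")).items():
        print(path, "->", "; ".join(reasons), "| gatekeeper rejects:", gatekeeper_rejects(path))
    for path, kind in classify_login_items(login_item_paths()).items():
        print("login item", path, "is a", kind)
```

Run it as the user being checked: it lists any `.app` directory sitting directly in the home folder, says whether each is a genuine bundle, and reports each login item as an app, a folder or a missing path. A login item classified as "folder" reproduces exactly the symptom Ducklin describes, a Finder window at login instead of a running process.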
"It seems that the crooks really are getting into the habit of churning out new Mac malware, not to show how clever they are, but merely to see if they can repeat the trick that's worked on Windows for years: making money out of next to nothing," he said.
NetWeird also highlights how not every bent developer can double as a botnet-designing whiz kid. "It's interesting to compare and contrast Crisis and NetWeirdRC, as they are both commercially available products. While Crisis is an advanced threat which hides itself reasonably well, NetWeirdRC has a number of glaring issues," said Intego's Myers. Perhaps the price tag tells us all we need to know: Crisis sells for $250,000, and NetWeirdRC starts at $60.
In another light, NetWeird simply represents criminals trying to out-scam each other. Just as scammers use scareware to socially engineer consumers into paying for products that pretend to rid their PCs of viruses they don't have, some malware developers are now selling bargain-rate, broken Mac botnet toolkits to unsuspecting buyers.
"It would seem that you get what you pay for, even in the malware world," said Myers.
