The first ever crimeware kit targeting Apple's Mac OS X has been spotted, featuring stark similarities to the popular Zeus toolset targeting Windows PCs.
The DIY kit can grab forms from Firefox running on the Apple OS, meaning passwords could be taken, alongside other information the victim types in the browser, Danish security firm CSIS reported.
Consisting of a builder and an admin panel, the kit has been advertised on a number of closed underground forums.
"The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Apparently, a dedicated iPad and Linux release are under preparation as well," said Peter Kruse, partner and security specialist at CSIS, in a blog post.
Kruse said the kit only enabled web injects and form grabbing in Firefox at the current time, but warned both Chrome and Safari "will soon follow."
"CSIS finds this crimekit to be quite disturbing news since Mac OS previously to some degree has been spared from the increasing amount of malware which has haunted Windows-based systems for years," he added.
"This could have resulted in a false sense of security that might make Mac OS user especially vulnerable to a sudden and highly sophisticated attack."
Mac issues
Mac users can expect increasing numbers of attacks in the future as hackers look towards a wider range of platforms, according to experts.
Sophos today warned of a poisoned Google SEO attack affecting both Mac and Windows users.
A number of search terms have been targeted, including ones based around global warming and more current topics like Osama bin Laden's death, attempting to lure users into downloading a fake anti-virus program called MacDefender.
Even after infection, the user will be repeatedly bombarded with fake warning messages to encourage them to pay for non-existent threats to be removed, Sophos said.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Common malware slipped past the macOS notarization process twiceNews Apple immediately revoked the notarization, but the adware slipped through again
-
Mac and Android malware on the rise, reports showNews New research suggest that malware for the two device families has spiked over the past year
-
Mac malware Eleanor hijacks your local files and emailNews Malicious code masquerades as file converter
-
Apple-certified ransomware affected fewer than 7,000 computersNews Downloads of KeRanger-infected Transmission BitTorrent client less widespread than feared
-
17,000 Macs hit by hackers via RedditNews The criminals infected the Apple computers with malware called Mac.BackDoor.iWorm
-
Shellshock: Apple rolls out OS X patches for Bash bugNews “Safe by Default” Macs get patched just in case
-
Calls for Java overhaul grow as more security flaws emergeNews Security experts suggest problems in the development cycle of Java could be to blame for recent security woes.
-
Adobe unveils Flash Player security updateNews Software vendor to plug security holes in media player with latest product update.
