According to security researchers at F-Secure and Kaspersky Lab, a new social engineering threat uses a Java application to attack Windows, Linux and Mac computers.
According to a post by Karmina Aquino, a senior analyst at F-Secure, the attack was detected on a site in Colombia. When users visited it, they were asked to run a Java application that does not carry a signed certificate.
Given permission, the application checks which operating system the user is running (Windows, Mac OS or Linux) and injects a malicious binary file accordingly.
F-Secure detects the files as “Backdoor:OSX/GetShell.A”, “Backdoor:Linux/GetShell.A” and “Backdoor:W32/GetShell.A”. They aim to connect to a remote command and control (C&C) server and look for other malicious code to download and execute.
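As an added illustration (not code from F-Secure, Kaspersky Lab or the original article), a defender could triage a Java archive for the two traits described above: no signature files, and native executables for more than one operating system. It assumes the binaries are bundled inside the JAR, which the article does not state; the function names and sample file names are hypothetical.

```python
import io
import zipfile

# Leading magic bytes of native executables. The Mach-O universal magic
# 0xCAFEBABE is left out on purpose: every Java .class file starts with it.
MAGICS = {
    b"MZ": "windows",                                   # PE
    b"\x7fELF": "linux",                                # ELF
    b"\xfe\xed\xfa\xce": "macos", b"\xce\xfa\xed\xfe": "macos",  # Mach-O 32
    b"\xfe\xed\xfa\xcf": "macos", b"\xcf\xfa\xed\xfe": "macos",  # Mach-O 64
}
SIG_BLOCKS = (".RSA", ".DSA", ".EC")

def triage_jar(data: bytes) -> dict:
    """Flag a JAR that has no signature files yet carries binaries for 2+ OSes."""
    native, has_sf, has_block = {}, False, False
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            upper = info.filename.upper()
            if upper.startswith("META-INF/") and upper.count("/") == 1:
                has_sf = has_sf or upper.endswith(".SF")
                has_block = has_block or upper.endswith(SIG_BLOCKS)
            with jar.open(info) as fh:
                head = fh.read(4)
            for magic, platform in MAGICS.items():
                if head.startswith(magic):
                    native.setdefault(platform, []).append(info.filename)
    # Signature files only show that signing was attempted; validity still
    # has to be checked with `jarsigner -verify`.
    signed = has_sf and has_block
    return {"signature_files": signed, "native": native,
            "suspicious": not signed and len(native) >= 2}

def build_sample(natives: bool, signed: bool) -> bytes:
    """Constructed in-memory JAR for the demo; no real malware bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Applet.class", b"\xca\xfe\xba\xbe" + bytes(12))
        if signed:
            jar.writestr("META-INF/APP.SF", "Signature-Version: 1.0\n")
            jar.writestr("META-INF/APP.RSA", bytes(16))
        if natives:
            jar.writestr("res/w.bin", b"MZ" + bytes(14))
            jar.writestr("res/l.bin", b"\x7fELF" + bytes(12))
            jar.writestr("res/m.bin", b"\xfe\xed\xfa\xce" + bytes(12))
    return buf.getvalue()
```

Calling `triage_jar(build_sample(natives=True, signed=False))` marks the constructed archive as suspicious and lists one embedded file per platform.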
However, since the F-Secure researchers began tracking the attack, the remote server has not released any additional code, according to Aquino.
It seems that the scam uses the Social Engineer Toolkit (SET), a public tool designed for penetration testing, a method used to assess the security of a computer system or network. However, the chances that this is a penetration test authorized by the owner of the website are remote. “Do not believe it is a penetration test,” said Costin Raiu, director of the research and analysis team at antivirus company Kaspersky Lab.
Also according to Raiu, the company's researchers are monitoring two separate sites that contain this malware. One is the Colombian page also discovered by F-Secure, while the other belongs to a water park in Barcelona, Spain. The presence of this threat in a second Spanish site indicates that the attack is not found.
Kaspersky researchers are analyzing the backdoor-type malware, which allows remote control, that the downloaded malicious code injects into Windows and Linux computers.
“The Win32 port of entry is large, about 600 KB, the Linux is even larger, 1MB,” said Raiu. “Both seem to contact a very complex encryption code that communicates with other servers.”
It is not the first time experts have discovered a cross-platform attack. In 2010, a similar Java app, which allowed malicious code to run on Windows, Mac and Linux, was used to distribute the Boonana virus. “Such attacks point to the fact that Linux and Mac OS are starting to become interesting targets for cybercriminals,” said Raiu.
According to Aquino, other hackers could use this type of attack in the future because it lets them affect more users and distribute their creations widely.