Short Bytes: A cross-platform malware family has been reported by a security researcher from Kaspersky Lab. The malware can create a backdoor on Windows, Linux, and Mac OS X machines to collect data, which it transmits to its Command and Control server over an encrypted connection.

A similar backdoor called Mokes was reported for the Linux and Windows operating systems by security researcher Stefan Ortloff of Kaspersky Lab in January this year.


For Linux, the backdoor malware called DropboxCache aka Backdoor.Linux.Mokes.a comes wrapped in a UPX (Ultimate Packer for eXecutables) file. After initial execution on a Linux machine, it replicates itself to the following locations if it deems this necessary:

For Windows, the 32-bit Mokes.a variant is named OLMyJuxM.exe aka Backdoor.Win32.Mokes.imv. As the name suggests, it is an executable file. It copies itself to nine different locations in the %AppData% folder on the affected Windows machine and creates an entry in the Windows Registry.
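A defender-side check prompted by the self-replication described above (an added example, not code from the article or from Kaspersky's write-up): it walks a directory tree such as a user's %AppData%, hashes executable-looking files, and reports any content hash that turns up at two or more paths, the footprint a backdoor copying itself into nine folders would leave. The sample tree, the file names and the `find_replicated_binaries` helper are constructed for this example and are not Mokes artifacts.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Extensions treated as executable; "" covers extension-less ELF/Mach-O binaries
# on Linux and OS X (drop it if the noise is too high on a real profile).
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ""}


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_replicated_binaries(root, min_copies=2):
    """Group executable-looking files under root by content hash.

    Returns {hash: [paths]} for every hash found at >= min_copies distinct paths.
    Symlinks are skipped so a single file linked twice is not reported.
    """
    by_hash = defaultdict(list)
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_SUFFIXES:
                continue
            try:
                by_hash[sha256_of(path)].append(path)
            except OSError:
                continue  # unreadable or vanished file; not fatal for a sweep
    return {h: sorted(p) for h, p in by_hash.items() if len(p) >= min_copies}


def build_sample_appdata():
    """Constructed sample tree: one payload dropped into three folders plus unrelated files."""
    root = tempfile.mkdtemp(prefix="appdata_sample_")
    payload = b"MZ\x90\x00" + b"constructed-sample-payload" * 8
    for sub in ("Roaming/SvcA", "Local/Temp/x", "Roaming/Microsoft/Cache"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "sample.exe"), "wb") as f:
            f.write(payload)
    with open(os.path.join(root, "Roaming", "settings.ini"), "wb") as f:
        f.write(b"[ui]\nlang=en\n")
    with open(os.path.join(root, "Local", "other.exe"), "wb") as f:
        f.write(b"MZ\x90\x00different")
    return root


if __name__ == "__main__":
    for digest, paths in find_replicated_binaries(build_sample_appdata()).items():
        print(digest[:16], len(paths), "copies:", *paths, sep="\n    ")
```

On a live system, point `find_replicated_binaries` at the profile directory (for example `os.environ["APPDATA"]` on Windows) and triage hits by checking whether the copies also appear in Run-key or launch-agent entries.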

What can Mokes.a do?

Ortloff describes the Mokes malware as a great spy. It establishes an encrypted connection to a C&C (Command and Control) server using AES-256-CBC encryption. It can capture user keystrokes, scan the machine for files such as office documents, monitor USB storage, take screenshots every 30 seconds, and record audio and video clips. It sends all of this data to its C&C server, which is controlled by the attacker.

The malware can also store the collected data in a temporary file if the C&C server is not available for transfer, for instance when the host device is disconnected from the internet.

The Missing Piece

Several months later, Ortloff has managed to find the sibling of the cross-platform backdoor family Mokes.a on the Mac OS X operating system. Backdoor.OSX.Mokes.a is written in C++ using the cross-platform framework Qt. It has similar capabilities to those described for the other variants.

The cross-platform malware variant on Mac OS X replicates itself to the following locations:

With inputs from The Hacker News
