Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Applications > Crimekit for MacOSX launched

Crimekit for MacOSX launched
Thread Tools
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status: Offline
Reply With Quote
May 4, 2011, 05:05 AM
 
The first advanced DIY (Do-It-Yourself) crimeware kit aimed at the Mac OS X platform has just been announced on a few closed underground forums. Detailed information about this crimeware kit is not being leaked publicly and the authors of the kit are obviously trying to stay below the radar allowing only vetted users of the forums to see most of the content.

The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption.

The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Apparently, a dedicated iPad and Linux release are under preparation as well.

The Weyland-Yutani BOT supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and Spyeye.

CSIS eCrime Unit is in possession of videos documenting both the admin panel and its functionality as well as the builder itself. Both video clips prove this kit to be fully operational already. This v1.0 of the BOT has a license price for the complete kit equal to 1,000 WMZ/LR.

CSIS finds this crimekit to be quite disturbing news since MacOS previously to some degree has been spared from the increasing amount of malware which has haunted Windows-based systems for years. This could have resulted in a false sense of security that might make Mac OS user especially vulnerable to a sudden and highly sophisticated attack.

Update:
Meanwhile the video demonstrating how the kit works and how it can collect passwords through formgrabbing has been made available on Youtube:
YouTube - 1.mp4

Source: CSIS: Crimekit for MacOSX launched


I guess I am safe as I run iCab as my main browser but, should other people worry a bit?
     
King Bob On The Cob
Mac Elite
Join Date: Apr 2002
Location: Illinois
Status: Offline
Reply With Quote
May 4, 2011, 04:22 PM
 
Meh. Lion's around the corner and they'll need to think of new ways to capture the input.

They still have to get the software onto your computer.
     
angelmb  (op)
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status: Offline
Reply With Quote
May 4, 2011, 04:26 PM
 
With all due respect, I have to wonder why this has been moved to Apps… It is not like this is a software you might want to download but kind of a OS X security threat.
     
olePigeon
Clinically Insane
Join Date: Dec 1999
Status: Offline
Reply With Quote
May 4, 2011, 06:09 PM
 
I never understood the price point of these crimeware. If you're doing something illegal anyway, why bother buying the kit in the first place?
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts
     
Mac Write
Mac Elite
Join Date: Aug 2000
Location: Vancouver B.C.
Status: Offline
Reply With Quote
May 12, 2011, 05:26 PM
 
I got a call to my Mac Support line on Saturday night from someone who got a "Your Computer is Infected" and then they downloaded and installed the "Mac Defender" software and I had no choice but to help them through formatting there hard drive and re-installing from scratch. On top of that they had already entered their credit card info into the buy without submitting it. I had to tell them they need to cancel their credit card as the "AntiVirus" software had most likely logged their keystrokes and captured their credit card info!

People this is real and we are no longer safe! At least the software still requires an admin password to install.

What really sold me (even though I was already sold on "Mac Defender" being a trojan horse/virus was it saying with the free scan all there OS X apps were rootkits.
Get busy living or get busy dying
--Stephen King
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
May 12, 2011, 10:31 PM
 
No one on the open Internet is ever completely safe no matter what computer platform is being used. There are always social engineering opportunities that will ensnare some less discerning people. The growth of the Mac platform is inviting more malicious hacker interest, but that's a byproduct of the Mac and Apple's modern success. All that means that Apple has to continue to improve its security and meet the new security challenges, but Daring Fireball had a really incisive article recently that showed that people have been panicking about the alleged growing threat of Mac malware for years while in fact the Mac malware threat out there in the real world remains minuscule.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
May 13, 2011, 12:12 AM
 
Originally Posted by Mac Write View Post
I got a call to my Mac Support line on Saturday night from someone who got a "Your Computer is Infected" and then they downloaded and installed the "Mac Defender" software and I had no choice but to help them through formatting there hard drive and re-installing from scratch. On top of that they had already entered their credit card info into the buy without submitting it. I had to tell them they need to cancel their credit card as the "AntiVirus" software had most likely logged their keystrokes and captured their credit card info!

People this is real and we are no longer safe! At least the software still requires an admin password to install.

What really sold me (even though I was already sold on "Mac Defender" being a trojan horse/virus was it saying with the free scan all there OS X apps were rootkits.
That's a real trojan, all right, and was written up by Intego.

The Mac Security Blog Intego Security Memo – MAC Defender Fake Antivirus Program Targets Mac Users

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
AKcrab
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status: Offline
Reply With Quote
May 13, 2011, 12:35 AM
 
Originally Posted by Mac Write View Post
... and I had no choice but to help them through formatting there hard drive and re-installing from scratch.
Ummm.. They paid you for this "service"? This trojan is braindead simple to get rid of. You had them wipe and reinstall from scratch?
On top of that they had already entered their credit card info into the buy without submitting it. I had to tell them they need to cancel their credit card as the "AntiVirus" software had most likely logged their keystrokes and captured their credit card info!
Really? Nothing I've read about this trojan has reported anything about it being a keylogger. Nothing wrong with being on the safe side, but if they didn't submit the card number they were probably fine.
     
angelmb  (op)
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status: Offline
Reply With Quote
May 13, 2011, 12:38 AM
 
I was going to include that link to Intego blog, but didn't as I sort of expected topic would become useless as people might just reply 'it is FUD'.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
May 13, 2011, 01:33 AM
 
Originally Posted by AKcrab View Post
Ummm.. They paid you for this "service"? This trojan is braindead simple to get rid of. You had them wipe and reinstall from scratch?

Really? Nothing I've read about this trojan has reported anything about it being a keylogger. Nothing wrong with being on the safe side, but if they didn't submit the card number they were probably fine.
Sounds like an abundance of caution. I would advise the same in a similar situation.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
May 13, 2011, 10:55 AM
 
Yeah, no harm in being cautious when it comes to potential identity theft.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 12:08 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,