 |
 |
Crimekit for MacOSX launched
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status:
Offline
|
|
The first advanced DIY (Do-It-Yourself) crimeware kit aimed at the Mac OS X platform has just been announced on a few closed underground forums. Detailed information about this crimeware kit is not being leaked publicly and the authors of the kit are obviously trying to stay below the radar allowing only vetted users of the forums to see most of the content.
The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption.
The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Apparently, a dedicated iPad and Linux release are under preparation as well.
The Weyland-Yutani BOT supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and Spyeye.
CSIS eCrime Unit is in possession of videos documenting both the admin panel and its functionality as well as the builder itself. Both video clips prove this kit to be fully operational already. This v1.0 of the BOT has a license price for the complete kit equal to 1,000 WMZ/LR.
CSIS finds this crimekit to be quite disturbing news since MacOS previously to some degree has been spared from the increasing amount of malware which has haunted Windows-based systems for years. This could have resulted in a false sense of security that might make Mac OS user especially vulnerable to a sudden and highly sophisticated attack.
Update:
Meanwhile the video demonstrating how the kit works and how it can collect passwords through formgrabbing has been made available on Youtube:
YouTube - 1.mp4
Source: CSIS: Crimekit for MacOSX launched
I guess I am safe as I run iCab as my main browser but, should other people worry a bit? 
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Apr 2002
Location: Illinois
Status:
Offline
|
|
Meh. Lion's around the corner and they'll need to think of new ways to capture the input.
They still have to get the software onto your computer.
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status:
Offline
|
|
With all due respect, I have to wonder why this has been moved to Apps… It is not like this is a software you might want to download but kind of a OS X security threat. 
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Dec 1999
Status:
Offline
|
|
I never understood the price point of these crimeware. If you're doing something illegal anyway, why bother buying the kit in the first place?
|
|
"…I contend that we are both atheists. I just believe in one fewer god than
you do. When you understand why you dismiss all the other possible gods,
you will understand why I dismiss yours." - Stephen F. Roberts
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2000
Location: Vancouver B.C.
Status:
Offline
|
|
I got a call to my Mac Support line on Saturday night from someone who got a "Your Computer is Infected" and then they downloaded and installed the "Mac Defender" software and I had no choice but to help them through formatting there hard drive and re-installing from scratch. On top of that they had already entered their credit card info into the buy without submitting it. I had to tell them they need to cancel their credit card as the "AntiVirus" software had most likely logged their keystrokes and captured their credit card info!
People this is real and we are no longer safe! At least the software still requires an admin password to install.
What really sold me (even though I was already sold on "Mac Defender" being a trojan horse/virus was it saying with the free scan all there OS X apps were rootkits.
|
Get busy living or get busy dying --Stephen King
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
No one on the open Internet is ever completely safe no matter what computer platform is being used. There are always social engineering opportunities that will ensnare some less discerning people. The growth of the Mac platform is inviting more malicious hacker interest, but that's a byproduct of the Mac and Apple's modern success. All that means that Apple has to continue to improve its security and meet the new security challenges, but Daring Fireball had a really incisive article recently that showed that people have been panicking about the alleged growing threat of Mac malware for years while in fact the Mac malware threat out there in the real world remains minuscule.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Originally Posted by Mac Write 
I got a call to my Mac Support line on Saturday night from someone who got a "Your Computer is Infected" and then they downloaded and installed the "Mac Defender" software and I had no choice but to help them through formatting there hard drive and re-installing from scratch. On top of that they had already entered their credit card info into the buy without submitting it. I had to tell them they need to cancel their credit card as the "AntiVirus" software had most likely logged their keystrokes and captured their credit card info!
People this is real and we are no longer safe! At least the software still requires an admin password to install.
What really sold me (even though I was already sold on "Mac Defender" being a trojan horse/virus was it saying with the free scan all there OS X apps were rootkits.
That's a real trojan, all right, and was written up by Intego.
The Mac Security Blog � Intego Security Memo – MAC Defender Fake Antivirus Program Targets Mac Users
|
|
|
| |
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status:
Offline
|
|
Originally Posted by Mac Write
... and I had no choice but to help them through formatting there hard drive and re-installing from scratch.
Ummm.. They paid you for this "service"? This trojan is braindead simple to get rid of. You had them wipe and reinstall from scratch? 
On top of that they had already entered their credit card info into the buy without submitting it. I had to tell them they need to cancel their credit card as the "AntiVirus" software had most likely logged their keystrokes and captured their credit card info!
Really? Nothing I've read about this trojan has reported anything about it being a keylogger. Nothing wrong with being on the safe side, but if they didn't submit the card number they were probably fine.
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status:
Offline
|
|
I was going to include that link to Intego blog, but didn't as I sort of expected topic would become useless as people might just reply 'it is FUD'.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Originally Posted by AKcrab
Ummm.. They paid you for this "service"? This trojan is braindead simple to get rid of. You had them wipe and reinstall from scratch?
Really? Nothing I've read about this trojan has reported anything about it being a keylogger. Nothing wrong with being on the safe side, but if they didn't submit the card number they were probably fine.
Sounds like an abundance of caution. I would advise the same in a similar situation.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Dec 2000
Status:
Offline
|
|
Yeah, no harm in being cautious when it comes to potential identity theft.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top