Apple MacOSX Malware: Java Exploit Phase 2
As noted in a previous article, MacOSX experienced a pretty severe malware exploit through an Oracle Java vulnerability. It appears a second Java exploit targeting Apple Macintosh OSX is currently active on the Internet.
Apple issued a Java fix and also forced Java applets to be shut down by default. The latter was considered pretty heavy-handed, but considering the second exploit was just revealed, one must wonder whether Apple was aware of this issue looming on the horizon.
New Java Exploit:
A writer at securelist.com described the new malware issue.
This new threat is a custom OS X backdoor, which appears to have
been designed for use in targeted attacks. After it is activated on an infected
system, it connects to a remote website in typical C&C fashion to fetch
instructions. The backdoor contains functionality to make screenshots of the
user’s current session and execute commands on the infected machine.
It appears from the screenshot that a Microsoft ASPX page is involved in the malware: a Microsoft system seems to be receiving/controlling the malware. Whether this means this is some type of hybrid malware (infecting a Microsoft system) or the malware designer is using a Microsoft OS as their virus distribution system is an interesting question.