• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)

January 20, 2011

Views: 17,713

It’s pretty rare to read about malware on the Linux or Mac OSX platforms and even more rare to read about cross-platform malware which targets both AND Windows by using Java.

A neat piece of coding indeed, it targets vulnerabilities in all 3 operating systems – the sad thing? The malware itself is vulnerable to a basic directory traversal exploit, which means rival gangs can actually commandeer the infected targets.

They went to lengths to keep it secure and unseen (encrypted communications etc) – but didn’t program the malware itself securely…

From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines.

Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private.

The bot can force its host to take instructions through internet relay chat, perform DDoS attacks, and post fraudulent messages to the victim’s Facebook account, among other things.

Now, Symantec researchers have uncovered weaknesses in the bot’s peer-to-peer functionality that allow rival criminals to remotely steal or plant files on the victim’s hard drive. That means the unknown gang that took the trouble to spread the infection in the first place risks having their botnet stolen from under their noses.

“Even though it’s encrypted and even though it was written in Java to make it cross-platform, it was still vulnerable to basically a directory transversal exploit,” Dean Turner, director of Symantec’s Global Intelligence Network, told The Reg. “From a technical perspective, it goes to show that even if you have all those things where you’re building in a secure platform, if you’re not building application security into your malware, other bad guys will probably take advantage of it.”

It’s somewhat of an odd decision though, in terms of numbers obviously Windows machines far outnumber Linux and OSX desktop installations. On the web-server front perhaps Linux is a valuable target – but on consumer desktops? Is it really worth the effort for malware creators to make cross-platform trojans? Personally I don’t think it is, maybe it was just an experiment.

The number of Apple machines is certainly growing, the next big market we are going to see is tablets and smartphones I believe. I’d be on the lookout for more iOS and Android worms/trojans in coming months.

A self-replicating stealthy Android trojan with a previously unpatched zero-day remote root exploit could be devastating.

Jnanabot’s P2P feature is designed to make botnets harder to take down by providing multiple channels of communication. After sending an infected machine a single GET request, a website can discover all the information needed to upload any file to any location on the host’s file system. Attackers can then install a simple backdoor on a user’s machine by, for instance, writing a malicious program to a computer’s startup directory.

Attackers can use the same vulnerability to steal files on infected machines.

Turner said the number of Jnanabot infections so far is “measured in the thousands,” rather than the hundreds of thousands for some of the better-known trojans. Still, infection statistics gathered by Symantec in December are surprising. They show that about 16 per cent of infections hit Macs. They didn’t show any infections on Linux machines. Turner said that Jnanabot attacks on the open source platform weren’t able to survive a reboot.

The bot was discovered spreading over Facebook posts that planted the following message on infected users’ Facebook pages: “As you are on my friends list I thought I would let you know I have decided to end my life.” An included link leads recipients to a cross-platform JAR, or Java Archive file that can run on Windows, Mac, or Linux. Once the recipient is infected, his Facebook page carries the same dire warning.

It seems like the trojan theoretically can attack Linux, but so far hasn’t been seen in the wild and it can’t survive a reboot. Not that it really matters as from my experience most Linux users never reboot anyway except for kernel upgrades (which isn’t that often).

Perhaps it just doesn’t work that well on Linux, or Linux users don’t believe in installing JVM – it doesn’t usually come standard with OS installs as it’s considered non-free software.

The chosen vector for replication seems to be Facebook and a rather dramatic faux-suicide note – which sadly I think will be very effective.

Source: The Register

Share
Tweet43
Share13
Buffer
WhatsApp
Email
56 Shares

Filed Under: Apple, Linux Hacking, Malware, Windows Hacking Tagged With: koobface, mac malware, mac trojan, mac-virus



Reader Interactions

Comments

  1. Bredsaal says

    January 21, 2011 at 3:17 am

    Heh, pretty funny actually. But why can’t the trojan survive a reboot of a Linux system? It’s a matter of adding an entry to a configuration file.

    Bad programming or maybe just because Linux isn’t that common yet?

    /bredsaal

  2. kjleo says

    January 21, 2011 at 11:14 am

    Now this is getting scary again, Running windows 7, android 2.2 Galaxy s etc. Makes me wonder, is there a clever guy or girl, who could put some code up which would recognise the fact that a file has been created behind the administrators permission in any occasion! :~ Surely an automatic file generation without permission could be looked into. Saying this I am a bit new to this kind of thought provoking post, as my knowledge and ability increases I will give this and other problems some thought, te he facebook I wonder whats next for them eh ?. Well if someone has a comment id be happy to talk about my idea. Ta !

  3. pwnsauce says

    January 25, 2011 at 10:27 am

    I reckon these Java based trojans will become all the rage in future. Anyone got source for this or for Stuxnet? I am still dissecting ZeuS variants but I am interested in dissecting as much recent ‘groundbreaking’ (to me) malware as I can…

  4. Matt Kukowski says

    February 20, 2011 at 1:31 am

    Ha! Well of course it doesn’t survive on Linux. Linux actually has security built into the file system. It has security also in layers like App Armor which is standard for all Ubuntu servers. And Linux admins tend to be a little more security minded and literal (like myself) to know to keep software updated, reduce the attack surface (class all unneeded ports) and try to hack your own system with nmap and other scanning tools.

    Windows is so insecure it is no even funny. In fact, the ONLY reason a company like Symantec can exist ( along with the thousands of other anti malware companies ) is because Microsoft Windows needs a reprogram, which they do not intend to do.

    Apple on the other hand has re purposed their OS with OS X (Yes, stealing or borrowing from the open source world an OS called BSD )

    At least Apple has SOME security which is fixable when discovered.

    But, I am sorry to say that Microsoft Windows can not be ‘patched’ with anymore bullshit layers like pop up confirmations and other tricks that do not work like DEP.

    SO! There ya have it… do not run Windows if you can get away with it!!!

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 310

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 337

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 532

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 521

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 707

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,976

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,292,515)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,075)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,616)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,677)
  • Password List Download Best Word List – Most Common Passwords (933,467)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,137)
  • Hack Tools/Exploits (673,290)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,148)

Search

Recent Posts

  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy