September 7, 2016
Rather than relying only on malware crafted specifically for the Windows platform, attackers have started building cross-platform malware to reach a wider range of victims.
With the growing popularity of Mac OS X and other alternatives to the Windows desktop, attackers have begun designing cross-platform malware modularly for wide distribution.
Cross-platform malware is loaded with specialized payloads and components, allowing it to run on multiple platforms.
One such malware family, recently discovered by researchers at Kaspersky Lab, runs on all the major operating systems, including Windows, Linux, and Mac OS X.
Stefan Ortloff, a researcher from Kaspersky Lab’s Global Research and Analysis Team, first discovered the Linux and Windows variants of this cross-platform backdoor family, dubbed Mokes, in January this year.
Today, the researcher confirmed the existence of an OS X variant of the malware family, publishing a technical breakdown of the backdoor in a post on Securelist.
Like the Linux and Windows variants, the OS X variant, Backdoor.OSX.Mokes.a, specializes in capturing audio and video, logging keystrokes, and taking screenshots every 30 seconds from a victim’s machine.
The variant is written in C++ using Qt, a cross-platform application framework that is widely used for developing applications that run on a range of software and hardware platforms.
The backdoor can also monitor removable storage, detecting when a USB drive is connected to or removed from the computer.