In January of this year, a complex malware strain that works across Linux and Windows systems was discovered by security researchers. This backdoor spying software, designed to covertly steal confidential data from machines, was codenamed "Mokes."
Now it looks like the breadth of the Mokes campaign is expanding.
Software security analyst Stefan Ortloff recently revealed that the sophisticated cross-platform malware strain now has a variant for OS X.
This rare multi-system triple threat is particularly dangerous because it secretly takes screenshots, logs keystrokes, can take audio/video clips, access a computer's files, and even control a machine remotely if desired.
Basically, the backdoor malware puts the infected computer under a hacker's control, and since it now covers Linux, Windows, and OS X, that means virtually any computer currently in operation.
Similar to the Linux and Windows strains, the OS X variant, called Mokes.A, reportedly takes screenshots of the Mac's display every 30 seconds. It also logs every keystroke the victim types on the compromised system. The screenshots and keystroke logs are saved in a temporary location on the computer, to be sent to and collected by the attacker's command and control (C&C) server, with the traffic protected by AES-256 encryption.
This combination of screenshots and recorded keystrokes could have devastating consequences. Sensitive information, including credit card numbers, user credentials, and passwords for banking portals and other web accounts can easily be deciphered and stolen using this data.
Mokes' ability to send local files, like office documents, and even capture audio and video from an infected computer is just icing on the proverbial hacking cake. This sophisticated malware is, quite simply, an all-out attack to steal and pilfer everything from an unsuspecting victim's machine.
Although widespread Mac malware is still rare at this point, this, of course, is not the first time OS X has been targeted this year.
In June, we reported about a backdoor trojan named Backdoor.MAC.Eleanor that disguises itself as a document converter.
Just last month, Apple issued urgent OS X security patches to address the zero-day Pegasus vulnerabilities, which were found to affect Macs as well. These vulnerabilities can grant an attacker complete control of a remote Mac or iOS device with just a click on a single poisoned link.
With the increasing popularity of Macs, it is apparent that cyber criminals are diversifying their malware efforts. As evidenced by Mokes, they are now developing cross-platform versions of the same malicious applications that target multiple operating systems. This certainly falls in line with the shotgun approach these cyber thieves seem to be employing lately: casting a wider net to infect more systems.
How to guard against Mokes
Although Ortloff did not specify how the Mokes.A malware can be installed on a computer, we suspect it is through the regular vectors: poisoned links, drive-by downloads, and trojanized software.
The best way to protect yourself from such attacks is to avoid installing software from shady sources like cracked software websites or peer-to-peer file sharing networks like BitTorrent.
It is also essential to keep your operating systems and applications up to date with the latest security patches, closing the holes that hackers could otherwise take advantage of.
To read the technical details of Mokes' Linux (Backdoor.Linux.Mokes.a) and Windows (Backdoor.Win32.Mokes.imv) variants, check out Ortloff's report here.
For Ortloff's OS X Mokes report, click here.