New Mac malware GetShell discovered
Published July 10th, 2012 at 10:07 PM EDT, modified March 11th, 2013 at 7:19 PM EDT
F-Secure has discovered new malware that is capable of installing via drive-by download on Mac, Windows and Linux systems. This is accomplished through a Java applet that requests access to your system, and if granted, it then detects the OS being used and installs the malware that is appropriate for that system.
The Mac version of this malware, however, is apparently PowerPC code only. This means it will only run on systems up to Mac OS X 10.5, or on 10.6 if Rosetta has been installed (it is optional there, but many people running 10.6 did install it). It will not run at all on Mac OS X 10.7 (Lion). In addition, most people running 10.6 or later have updated Java, thanks to the attention Flashback drew to the issue, so the vulnerabilities this malware relies on are closed.
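The "PowerPC code only" observation is something an analyst can confirm directly from a sample's Mach-O header rather than taking a vendor's word for it. The following is an added example written for this page (not code from F-Secure, Intego or this post's author) that reports the CPU slices in a thin or fat Mach-O file and flags binaries that can only run under Rosetta; the header bytes it runs on are constructed inline, and the sanity check on the fat header exists because Java class files share the same 0xCAFEBABE magic.

```python
import struct
# CPU type constants from Apple's <mach/machine.h>
CPU_TYPE_I386, CPU_TYPE_ARM, CPU_TYPE_POWERPC, CPU_ARCH_ABI64 = 7, 12, 18, 0x01000000
CPU_NAMES = {CPU_TYPE_POWERPC: "ppc", CPU_TYPE_POWERPC | CPU_ARCH_ABI64: "ppc64",
             CPU_TYPE_I386: "i386", CPU_TYPE_I386 | CPU_ARCH_ABI64: "x86_64",
             CPU_TYPE_ARM: "arm", CPU_TYPE_ARM | CPU_ARCH_ABI64: "arm64"}
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin header, file is big-endian
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE  # thin header, file is little-endian
FAT_MAGIC = 0xCAFEBABE                          # universal (fat) binary, always big-endian

def mach_o_archs(data: bytes) -> list:
    """Return the CPU architecture names a thin or fat Mach-O file contains."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    magic = struct.unpack(">I", data[:4])[0]
    if magic == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        # Java .class files share the 0xCAFEBABE magic; there this field holds a
        # version number (>= 45), while a real fat header holds a small slice count.
        if nfat == 0 or nfat > 20 or len(data) < 8 + 20 * nfat:
            raise ValueError("0xCAFEBABE but not a fat Mach-O (Java class file?)")
        # each 20-byte fat_arch entry starts with cputype (big-endian)
        return [CPU_NAMES.get(struct.unpack(">I", data[o:o + 4])[0], "unknown")
                for o in range(8, 8 + 20 * nfat, 20)]
    endian = {MH_MAGIC: ">", MH_MAGIC_64: ">", MH_CIGAM: "<", MH_CIGAM_64: "<"}.get(magic)
    if endian is None:
        raise ValueError("not a Mach-O file")
    return [CPU_NAMES.get(struct.unpack(endian + "I", data[4:8])[0], "unknown")]

def is_mach_o(data: bytes) -> bool:
    try:
        return bool(mach_o_archs(data))
    except ValueError:
        return False

def powerpc_only(data: bytes) -> bool:
    """True when every slice is PowerPC: needs Rosetta on 10.6, cannot run on 10.7."""
    return all(arch in ("ppc", "ppc64") for arch in mach_o_archs(data))

# Constructed sample inputs (not bytes from the malware): thin big-endian ppc and
# little-endian i386 headers, a ppc+i386 fat header, and a Java class-file prefix.
def _thin_header(endian: str, cputype: int) -> bytes:
    return struct.pack(endian + "7I", MH_MAGIC, cputype, 0, 2, 0, 0, 0)  # filetype 2 = MH_EXECUTE
SAMPLE_PPC = _thin_header(">", CPU_TYPE_POWERPC)
SAMPLE_I386 = _thin_header("<", CPU_TYPE_I386)
SAMPLE_FAT = (struct.pack(">2I", FAT_MAGIC, 2)
              + struct.pack(">5I", CPU_TYPE_POWERPC, 0, 4096, 64, 12)
              + struct.pack(">5I", CPU_TYPE_I386, 3, 8192, 64, 12))
SAMPLE_CLASS = bytes.fromhex("cafebabe00000032") + bytes(8)
```

Run `mach_o_archs` over the first few dozen bytes of a suspect file; a result containing only `ppc` or `ppc64` means the binary is inert on Lion and on any 10.6 machine without Rosetta.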
Some have commented that this is a sign that the author of this malware was not particularly savvy. However, I have a different take on the matter. Many people (though by no means all) who are still using older PowerPC machines at this point may be less savvy users. As such, these users may make a better target for a social exploit like this one. Whether this idea is actually accurate is debatable, but it is undoubtedly worth some experimentation by hackers.
F-Secure, the first to announce the discovery, has named this malware GetShell (the exact name varies with the component detected, but always contains the word GetShell). Intego detects it as OSX/SET.gen. I’m sure other AV companies will come up with their own unrelated names as well.