OFFICIAL SECURITY BLOG
Tech News News Favorites Adware Medic Tech Guides About Us
Mac Malware GuideAdware Removal GuideMac Performance Guide

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

New NetWeird malware discovered

Published August 24th, 2012 at 1:34 PM EDT , modified August 24th, 2012 at 1:34 PM EDT

A new malware remote access kit named NetWeird has surfaced, though it is unclear whether it is actually “in the wild” yet or not. It has been written about by both Intego and Sophos, who have obtained it (from the sounds of things) from VirusTotal. Although it sounds like the current version isn’t much of a threat, it certainly could become more serious at any point.

The malware, which is reportedly being offered for sale for the paltry sum of $60, is evidently quite poorly written. According to Sophos, it installs an app named WIFIADAPT.app.app in the user’s home folder. The doubling of the .app extension in the name, as well as the obviousness of the app’s placement, seem to suggest a lack of familiarity with the Mac on the part of the hacker(s) responsible, and probably a lack of competency at programming in general. In addition, the program’s attempt to add itself to the user’s login items is a complete failure. Of course, for all we know, this may be an early pre-release version that somehow got leaked, and a more dangerous version may be in the works.

If installed, NetWeird apparently gives the hacker(s) behind it potential remote access to your system. What they might do with that remote access is unclear, though Sophos lists some possibilities that it would be fully capable of. They also point out that, as of the current version, this malware can be removed simply by deleting the app and then restarting. (Presumably logging out and back in would do the job as well.)

This malware is a simple trojan. It does not rely on Java vulnerabilities or Java-based social engineering to get itself installed, which is a change from most of the Mac malware that has appeared in 2012. As such, since it is not code-signed by a registered developer, Mountain Lion’s new Gatekeeper feature will stop it in its tracks, so long as you haven’t chosen to set it to allow all apps to open regardless of source. (For more information about Gatekeeper, see the How does Mac OS X protect me? section of my Mac Malware Guide.)

I guess it’s time for me to add item number 30 to my Mac Malware Catalog.

Tags: , , , ,

This post is more than 90 days old and has been locked. No further comments are allowed.