A Mac OS-X crimeware kit is now available to griefers

[thewayne]

They've been available for Windows platforms for several years now, so it was kind of inevitable that one would eventually be made for OS-X. It basically makes it easy for griefers to make trojans, presumably for botnet and similar things. It runs on Windows but has the option of generating binaries for OS-X. And here's some more joy: ""The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Basically it's a GUI point & click interface to create payloads that are script kiddie friendly.

Apparently, a dedicated iPad and Linux release are under preparation as well. The Weyland-Yutani BOT supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and Spyeye.""

https://threatpost.com/en_us/blogs/crimeware-kit-emerges-mac-os-x-050211

There's also some fake Mac antivirus stuff going around: http://blog.intego.com/2011/05/02/intego-security-memo-macdefender-fake-antivirus/

http://apple.slashdot.org/story/11/05/02/2120203/OS-X-Crimeware-Kit-Emerges

At this point, the danger is if you open and run the payload, so once again, smarts is what will mostly keep you safe.

Comments

[silveradept]

Oh, yay. Browser-based attacks that work on all platforms. Should probably make sure that the anti-malware platforms on my OSes are running their daemons.