Multi-platform backdoor malware targets Windows, Mac and Linux users

Windows, Linux, Mac OS X under attackMost of the malware that we analyse inside SophosLabs targets Windows users.

And that makes sense for the cybercriminals – after all, more people are using Windows as their desktop operating system than any other platform.

But if malicious hackers want to go the extra mile, and maximise their chances of infecting more people’s computers, they might well try to develop a multi-platform attack.

Yesterday, our friends at F-Secure discovered malware on a compromised Colombian transport website that was capable of infecting Windows, Mac and Linux users.

Sign up to our free newsletter.
Security news, advice, and tips.

Visiting a hacked webpage, triggers a JAR (Java Archive) file which will ask permission to do its business – secretly determining if you are running Windows, Mac OS X or Linux.

Section of Java code

Once it has found out which operating system you are running, the Java class file will download the appropriate flavour of malware, with the intention of opening a backdoor that will give hackers remote access to your computer.

Sophos products detect the various components of the attack as Troj/JavaDl-NJ, Mal/Krap-D, OSX/Dloadr-DPG and Linux/Dldr-GV.

This isn’t, of course, the first cross-platform malware that we have seen. For instance, in 2010 we saw the Boonana malware which similarly used a malicious Java applet to deliver a cross-platform attack that attempts to download further malware on Windows, Unix and Mac OS X.

And earlier this year we saw a Python-based malware attack against both Macs and Windows PCs. Not to mention the numerous fake anti-virus attacks which have been created to infect the computers of Windows and Mac users alike.

Although the amount of malware written for different operating systems can vary, it’s becoming increasingly hard to argue on any OS that it’s safe to surf the web without anti-virus protection.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.