Cross-platform Boonana Trojan targets Facebook users

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

The Boonana Trojan has been making the headlines in the last 24 hours. The reason why the threat, which has been compared to Koobface – but is technically not a member of that malware family, has been getting so much attention is that it doesn’t just infect Windows, but targets Mac OS X and Linux computers too.

The Boonana Trojan horse appears to have been spread via Facebook in messages asking “is this you in this video”.

IMPORTANT! PLEASE READ. Hi <username>. Is this you in this video here : <link>

Clicking on the link takes you to an external website that displays an image of a woman (grabbed from the Hot Or Not website).

Sign up to our free newsletter.
Security news, advice, and tips.

Lady's picture

Visitors to the webpage who want to see more are prompted to give permission for an applet called JPhotoAlbum.class to be run from inside a Java Archive (JAR) called JNANA.TSA.

Warning message

Warning message

Whether you are running Windows, Mac OS X or Linux on your computer, if you give permission for the highly obfuscated Java app to run then the malware will sneakily download a variety of programs from the internet which it will then execute on your computer.

Files which can be downloaded include:

applet_hosts.txt
cplibs.zip
jnana_12.0.tsa
jnana.pix
OSXDriverUpdates.tar
pax_wintl.crc
pax_wintl.zip
rawpct.crc
rawpct.zip
rvwop.crc
rvwop.zip
VfxdSys.zip
WinStart.zip

Sophos detects various components of the attack as Troj/Boonana-A, Troj/KoobStrt-A, Troj/KoobInst-A, Troj/KoobCls-A, Troj/Agent-PDY, Troj/DwnLdr-IOX, and Troj/DwnLdr-IOY. In addition, Sophos’s web protection blocks access to the malicious webpages.

Don’t forget to always be careful about what links you click on, even if they appear to have been shared by someone you know on Facebook.

And if you’re a user of Linux or Mac OS X, don’t think that the malware problem only exists on Windows. Malicious hackers are becoming increasingly interested in targeting other platforms, and if users of your operating system have a reputation for being dismissive about the risk of malware on your preferred OS, the bad guys may consider you a soft target.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.