Hot on the heels of a newly discovered iOS exploit that allows access to locked iPhones, new reports [1] [2] from security research firms SecureFirm and Intego reveals that a new trojan is targeting Mac users using a vulnerability in OS X's Java player.
According to the Intego report the new malware, trojan.osx.boonana.a, is really a reworked version of the Koobface malware, which has attacked Windows in the past. The malware acts as a worm when it spreads and as a trojan when it is infecting your computer.
Users may encounter the worm via links posted on Facebook, MySpace, Twitter, and other websites. When clicking the link, the applet attempts to run. Users can stop the infection before it starts by denying the applet permission to run when OS X's Java player pops up a dialogue.
If they allow the applet to run, they may get another warning if they have a Mac antispyware program like VirusBarrier X6’s Anti-Spyware installed. If they don't get the warning, or choose to disregard it, the applet will attempt to make a connection with a remote server and installs a rootkit, backdoor, command and control, and other elements. These files are copied to an invisible folder -- .jnana -- in the user's home directory.
If the virus is allowed to carry out its infection process, the unsuspecting Mac user may find themselves part of a botnet. When they log on social networks, the virus will post links to spread the infection. It may also send spam e-mail via their logged-in accounts
Other variants of this virus target Windows and Linux, making it a rare true cross-platform virus. All these viruses share the fact that they use the Java player as a route of attack. According to Intego, other OS X-specific versions of the virus have shown up, but most are broken or try to connect to offline servers.
The malware could become potentially more dangerous in the future if it is able to eliminate the warnings from the Java player and/or change the name/location of the infection directory, making it hard for virus removal software to find it.
hyeah: