Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch

Wirenet: Linux/OS X Trojan?

Dodgy like a sore thumb.


Get It

Try It

ST PETERSBURG (Rixstep) — DrWeb have discovered a cross-platform trojan targeting Linux and OS X. They've christened it 'Wirenet'.

The trojan is designed to 'steal passwords stored by a number of popular Internet applications'.

DrWeb have not yet been able to trace the trojan's propagation.

Methodology

According to DrWeb, Wirenet installs itself in the user root directory and uses AES to communicate with its mothership located at 212.7.208.65, registered (and ostensibly run) in the Netherlands.

DrWeb also claim Wirenet functions as a keystroke logger, and harvests passwords entered through Opera, Firefox, Chrome, Thunderbird, SeaMonkey, and Pidgin.

DrWeb claim to have an AV update that successfully eradicates Wirenet, but given its rather clumsy location in the file system, it shouldn't be at all difficult to detect and remove on its own. For it's right there at the root of the user area.

See Also
The Technological: Apple and the War on Stupidity
DrWeb: First Trojan in history to steal Linux/OS X passwords

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.