“It would seem that you get what you pay for, even in the malware world”

Aug 23, 2012 16:11 GMT  ·  By

Mac security firm Intego has released an advisory which details a backdoor called OSX/NetWeirdRC that has been found to affect OS X versions 10.6 and higher, as well as other operating systems.

From several standpoints, the malware in question is similar to the much more potent OSX/Crisis. However, NetWeirdRC comes with a few flaws.

“This malware appears to be in the wild, but the risk is considered low at this time,” says Intego.

“It is not known how the malware would arrive, though presumably it would be part of a targeted attack and it would come with a custom dropper or entice the user to run a file through social engineering.”

Citing real-world tests, Intego reports that the malware is not persistent, as in “it does not restart after a reboot, and will lie dormant unless it is manually restarted or removed.” This could be the result of a bug, Intego said.

“It does add itself to the login items, but this does not succeed in restarting the malware; it will only open the user’s home folder at login instead,” the security firm clarifies.
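The failed persistence Intego describes leaves a visible trace: a login item that points at a plain folder (the user's home directory) rather than at an application. The following triage script is an added example for defenders, not code from Intego or from the article; on macOS it reads the current user's login items through the System Events AppleScript interface (the `osascript` command is real, but its output parsing here assumes item names and paths contain no commas), and on any platform it runs the same checks over a constructed, hypothetical list of entries. The sample paths and item names are invented and are not indicators from the advisory.

```python
import os
import platform
import subprocess

# Constructed sample of login items as (name, path), mimicking what the
# collector below returns. "updater" points at a home folder, the shape of
# the broken persistence described for OSX/NetWeirdRC; "helper" hides under
# a dot-directory. All entries are hypothetical, not real indicators.
SAMPLE_LOGIN_ITEMS = [
    ("iTunesHelper", "/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app"),
    ("Dropbox", "/Applications/Dropbox.app"),
    ("updater", "/Users/alice"),
    ("helper", "/Users/alice/Library/.cache/helper"),
]

# Directories where login items are normally expected to live.
EXPECTED_PARENTS = ("/Applications/", "/System/Library/", "/Library/")


def _osascript(script):
    """Run one AppleScript line and return its stdout (macOS only)."""
    out = subprocess.check_output(["osascript", "-e", script], text=True)
    return [s.strip() for s in out.strip().split(",") if s.strip()]


def collect_login_items():
    """Return (name, path) pairs for the current user's login items.

    Uses System Events via osascript; returns [] off macOS. Assumes neither
    names nor paths contain commas (the osascript list output is comma joined).
    """
    if platform.system() != "Darwin":
        return []
    names = _osascript('tell application "System Events" to get the name of every login item')
    paths = _osascript('tell application "System Events" to get the path of every login item')
    return list(zip(names, paths))


def classify_login_item(name, path, is_dir=os.path.isdir):
    """Return a list of reasons an item looks suspicious; empty list = looks normal.

    is_dir is injectable so the checks can run over constructed paths.
    """
    reasons = []
    # A login item whose target is a plain folder (not an .app bundle) cannot
    # relaunch anything; at login it merely opens that folder in Finder.
    if is_dir(path) and not path.rstrip("/").endswith(".app"):
        reasons.append("target is a plain folder; login only opens it in Finder")
    if not path.startswith(EXPECTED_PARENTS):
        reasons.append("target lives outside standard application locations")
    # Hidden path components are a common place to stash a dropped payload.
    if any(part.startswith(".") for part in path.split("/") if part):
        reasons.append("path contains a hidden (dot) component")
    return reasons


def triage(items, is_dir=os.path.isdir):
    """Map each suspicious login item name to its list of reasons."""
    flagged = {}
    for name, path in items:
        reasons = classify_login_item(name, path, is_dir)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    live = collect_login_items()
    items = live if live else SAMPLE_LOGIN_ITEMS
    # For the constructed sample, stand in for the filesystem: only the
    # home folder entry is a directory.
    is_dir = os.path.isdir if live else (lambda p: p == "/Users/alice")
    for name, reasons in triage(items, is_dir).items():
        print(f"[!] {name}")
        for r in reasons:
            print(f"      - {r}")
```

Run without arguments: on a Mac it reports on the real login items, elsewhere it exercises the constructed sample. A flagged entry is a lead for inspection (what the item points at, when it was added, what dropped it), not a verdict; legitimate software does occasionally register items outside /Applications.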

So, how does NetWeirdRC work (when it has the chance)?

According to the Austin, Texas-based security vendor, the trojan spies on the user of the infected machine by: installing new files; performing commands remotely; grabbing screenshots; and gathering system information.

Intego says it can do everything from gathering information about what programs are running to stealing encrypted Firefox, Thunderbird, Opera, and SeaMonkey passwords.

Scary! BUT, as Intego later reveals, “While OSX/Crisis is an advanced threat which hides itself reasonably well, OSX/NetWeirdRC has a number of glaring issues.”

“Perhaps the price tag tells us all we need to know,” it notes. “OSX/Crisis sells for €200,000, and OSX/NetWeirdRC starts at $60. The website for the developers of OSX/NetWeirdRC also lists the undetected nature of this tool as a selling point. It would seem that you get what you pay for, even in the malware world,” Intego concludes.