14 DAY TRIAL // A new crimeware toolkit designed to create Mac OS X trojans is being advertised on several private underground forums according to security researchers from Danish IT security firm CSIS Security Group.
Crimeware toolkits allow users to build custom versions of trojans tailored for their own needs, complete with the command and control (C&C) applications.
Dubbed the Weyland-Yutani BOT, after a fictional corporation from the Alien series, the toolkit is being advertised as the first malware builder for Mac OS X and is similar in functionality to the infamous ZeuS and SpyEye kits.
The trojan supports form grabbing and web page injection for Firefox and Chrome, but not for Safari, because, according to the author, there are still many problems with that browser.
According to analysts from the CSIS eCrime Unit, the first version of the toolkit is being sold for $1,000 payable only in Liberty Reserve (LR) or WebMoney (WMZ) virtual currencies.
"CSIS eCrime Unit is in possession of videos documenting both the admin panel and its functionality as well as the builder itself. Both video clips prove this kit to be fully operational already," Peter Kruse, security specialist at CSIS, writes.
Independent security journalist Brian Krebs cites the toolkit's author as saying that web injects developed for ZeuS or SpyEye can be used with Weyland-Yutani after some formatting.
The existence of this toolkit is very bad news for Mac users and follows recent scareware attacks directed at Apple's operating system.
Security researchers have long argued that Mac OS X is just as prone to malware as Windows and that the only thing keeping cyber criminals away from it is its small market share.
However, due to a tough competition on the Windows malware threat landscape, some attackers are beginning to tap into alternative sources of potential victims, which include Mac OS X users.
Other operating systems are not safe either, as the Weyland-Yutani BOT author is working on variants for Linux, as well as iOS.