New Java Malware Exploits Both Windows And Mac Users


Symantec has discovered a new form of Java malware that infects both Apple and Windows machines, according to research posted on the company’s Security Response blog. [The entry](<https://threatpost.com/new-java-malware-exploits-both-windows-and-mac-users-042412/>), penned by researcher Takashi Katsuki, describes a strain of Java Applet malware that drops either Python-based malware on Mac operating systems or malware in executable form on Windows computers. If opened, both forms of malware could launch a Trojan horse that could trigger a back door on the computer, regardless of the platform.

The malware exploits the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507) to download the malware.

According to the post, the Mac back door Trojan can currently only control polling times, or “how many times it gets commands from the server at certain time intervals.” If enabled, however, the Trojan can also download files, list files and folders, open a remote shell, sleep or upload files. The Trojan for Windows can send information about the infected computer and disk, its memory usage, OS version and user name, in addition to downloading and executing files and opening shells to receive commands.

The news of this malware comes on the heels of [Flashback](<https://threatpost.com/flashback-mac-trojan-hits-more-500k-machines-040512/>) and [SabPub](<https://threatpost.com/new-mac-malware-sabpub-used-targeted-attacks-041612/>), two forms of malware that have been targeting Mac users throughout the first quarter of this year via another vulnerability in Java.
The vulnerability CVE-2012-0507 — an older Java flaw that was recently [blocked by Mozilla’s Firefox](<https://threatpost.com/mozilla-adds-older-java-versions-firefox-blocklist-040312/>) — was used by some Flashback variants [earlier this month](<http://www.f-secure.com/weblog/archives/00002341.html>), before [being patched](<https://threatpost.com/apple-issues-update-prevent-flashback-malware-infecting-mac-os-x-machines-040312/>) by [Apple](<http://support.apple.com/kb/HT5228?viewlocale=en_US&locale=en_US>).