One of the most popular is CrossOver 20.0 that able to run any Windows software and games on your Mac flawlessly. While its getting popular as the time goes by, the developer constantly provide the latest update to improve their system. Name Version Channel; CharLS.x8664: 1.0-5.el7: @epel: GConf2.x8664: 3.2.6-8.el7: @c7-media: GeoIP.x8664: 1.5.0-14.el7: @base: GeoIP-devel.x8664: 1.5.0-14.el7: @base.
A new piece of malware is now targeting your PCs, CrossRAT is the name. This undetectable spying malware is believed to be developed by the Dark Caracal group. CrossRAT can be described as a malicious desktop surveillance tool which targets OSX, Windows, and Linux. Written in Java, this cross-platform malware can take screenshots, manipulate the entire file system, and run random DLLs for secondary infection on Windows.
CrossRAT Malware
As per the researchers, the developers of this Trojan are using WhatsApp messages and Facebook group messages to spread it and to redirect the users to the malicious websites and download malicious programs.
CrossRAT, however, doesn’t have any predefined command to activate the keylogger, but it uses the open source Java library ‘jnativehook,’ to check the mouse and keyboard occasions.
CrossRAT which is a desktop surveillance malware is designed with some basic surveillance features which get activated after getting the predefined instructions from C&C server. It first checks the operating system of your PC and then installs accordingly. Next, it assembles the details about the infected system along with the kernel structure.
The Trojan then uses the mechanisms according to the particular operating system and re-executes every time the infected system is rebooted. It further registers itself on the C&C server thereby providing an access to the distant attackers.
As reported by Lookout researchers, CrossRAT variant distributed by Darkish Caracal hacking group connects to ‘flexberry(dot)com‘ on port 2223, whose data is hardcoded within the ‘crossrat/ok.class’ file.
Check if your PC is infected with CrossRAT
As it is a Java written Trojan, it requires Java to land on a PC. Fortunately, the latest versions of Mac OS do not have Java installed and thus most of the mac users must be safe from CrossRAT.
But, if the user has installed Java or the attackers succeed to make the user install Java trickily, CrossRAT can run and infect even the latest versions of macOS.
As it is a cross-platform Trojan, detecting methods obviously will be different for each operating system.
For Home Windows users:
Test the ‘HKCUSoftwareMicrosoftWindowsCurrentVersionRun’ registry key. It will include a command featuring java, -jar and mediamgrs.jar if infected by CrossRAT
For Mac OS:
Search for launch agent mediamgrs.plist in in /Library/LaunchAgents or ~/Library/LaunchAgents.
(OR) Test for jar file, mediamgrs.jar, in ~/Library.
For Linux:
Search for an ‘autostart file’ probably named mediamgrs.desktop within the ~/.config/autostart
(OR) Test for jar file, mediamgrs.jar, in /usr/var.
Only 2 out of 58 antivirus software can detect CrossRAT at the time of writing, which means that you are under the risk and your anti-virus can hardly detect it and save you from this Trojan.
Crossrun Mac Os X
Check out the detailed technical overview and analysis of CrossRAT done by ex-NSA hacker Patrick Wardle which includes its capabilities, mechanism, command, and control.
Source: New undetectable Malware CrossRAT targets Windows, Linux and Mac OS
Related Posts
Cross Run Mac Os Catalina
- New Word macro malware infects macOS and Windows
Another form of Microsoft Word malware that infects both macOS and Windows machines has been…
- Leaked NSA Malware Puts Windows Computers At Risk
A group of hackers have released malware made by the NSA that puts all computers running…
- Frightening Mac Malware Just Discovered, and it's at Least 5 Years Old
It’s not the first time we’ve seen of this variety of malware. Security researchers at…
- Terdot banking trojan targets social media and email in addition to financial services
The banking trojan Terdot's ability to harvest credentials for social networks and e-mail services 'could…