Write Once, Infect Anywhere, or: The Rise of Cross-platform Malware

Posted by UpGuard


Cyber attackers are, above all else, opportunists—malware and viruses require time and resources to develop and are therefore created with the greatest returns in mind. In terms of operating systems, Windows typically gets a bad rap for security—the price of popularity, as it were. But as other OS platforms have whittled down Windows' market share in recent years, cyber attackers have had an increasingly broad playing field for exploitation. 

Cross-platform Threats on the Horizon

Last week, researchers at Kaspersky Lab discovered a few families of malware that ship as Java JAR file executables, marking the first appearance of cross-platform malware on the cyber threat landscape. This is, of course, Java's main value proposition: write once, run anywhere. It seems that hackers have taken this and utilized it for nefarious purposes; new Java-based threats coming down the pipe can equally run on Mac, Linux, Windows, and even Android devices.

The only caveat is that the Java Runtime Environment (JRE) must exist on the target system. Given the ubiquity of the Java platform, however, exploitable targets abound—according to Java.com, 97% of enterprise desktops and 89% of desktops in the U.S. run Java. As a technology, Java has been much maligned in recent years, with many security researchers calling for its complete eradication from the internet.

 

The spam campaigns delivering the malware JAR files have been detected using the following names:

  • Trojan-Banker.Java.Agent
  • Trojan-Downloader.Java.Banload
  • Trojan-Downloader.Java.Agent

It's worth noting that Kaspersky researchers only discovered the existence of cross-OS malware droppers, not complete standalone malware programs. Malware droppers are small pieces of software that avoid antivirus detection through their limited functionality. The purpose of a dropper is to gain entry into the system and download/install malware later from a central server hosted by the attacker. Security researchers warn that fully-fledged cross-OS malware programs are likely to soon follow.
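A gateway-side check for the delivery method described above, as an added example that is not code from Kaspersky or UpGuard: it flags mail attachments that are runnable JARs by inspecting their content (a ZIP archive whose manifest declares a `Main-Class`) instead of trusting the file name. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def manifest_main_class(data: bytes):
    """Return the Main-Class of an in-memory JAR, or None if it is not a runnable JAR."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, RuntimeError, zipfile.BadZipFile):
        return None  # not a ZIP, no manifest, encrypted entry, or damaged archive
    # Manifest lines are capped at 72 bytes; a continuation starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for line in text.split("\n"):
        key, _, value = line.partition(":")
        if key.strip().lower() == "main-class":
            return value.strip()
    return None

def executable_jar_attachments(raw: bytes):
    """Return (filename, main_class) for each MIME part whose content is a runnable JAR."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        main = manifest_main_class(part.get_payload(decode=True) or b"")
        if main:
            hits.append((part.get_filename(), main))
    return hits

def _zip(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed sample mail: one runnable JAR and one ordinary ZIP attachment."""
    manifest = "Manifest-Version: 1.0\r\nMain-Class: com.example.Lo\r\n ader\r\n"
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(_zip({"META-INF/MANIFEST.MF": manifest, "com/example/Loader.class": b"\xca\xfe\xba\xbe"}),
                       maintype="application", subtype="octet-stream", filename="document.jar")
    msg.add_attachment(_zip({"notes.txt": "hello"}), maintype="application", subtype="zip", filename="notes.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(executable_jar_attachments(build_sample()))
```

The ordinary ZIP is ignored because it carries no manifest entry point, so the check does not flag every archive that passes through.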


Equal Opportunity Cyber Threats

Cross-platform exploits are nothing new. Earlier this year, JavaScript-based ransomware was discovered using the NW.js framework to infect victims; written in JavaScript, the ransomware is likely cross-OS compatible. And just last week, researchers at Bitdefender Labs discovered a rewrite of the ransomware Linux.Encoder called KeRanger, the first fully functional Mac OS X ransomware and the first cross-platform ransomware to appear.


Cross-platform ransomware. Source: Emsisoft.com.

Again, the key incentives for cross-platform malware development are economic: the rise in popularity of OS X and other Windows desktop alternatives has led to malware designed modularly for wide distribution.

Whether your remediation efforts involve removing Java across your organization entirely or identifying/patching vulnerable versions of the JVM, UpGuard can ensure that exploitable flaws in your infrastructure are eliminated before reaching production environments. Our platform for cyber resilience can automatically monitor your environment for software packages, like Java, that could lead to security compromises.


Source(s):

http://news.softpedia.com/news/brazilian-coders-are-pioneering-the-first-cross-os-malware-using-jar-files-501460.shtml

https://securityintelligence.com/news/java-malware-becomes-a-cross-platform-threat/

https://www.java.com/en/about/

http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/
