Moke Malware Hops Over From Windows And Linux To Threaten Mac OS X

Moke malware has wormed its way across from Windows and Linux and onto Mac OS X in the form of Backdoor.OSX.Mokes, threatening Apple’s operating system with malicious code.

Discovered by cyber security firm Kaspersky Labs back in January, the Moke family of malware can swipe all manner of data from an infected machine, such as key-strokes, documents, pictures and screenshots.

It also creates a backdoor into the operating systems to allow hackers to execute arbitrary commands on a targeted computer.

“After the discovery of the binaries for Linux and Windows systems, we have now finally come across the OS X version of Mokes.A. It is written in C++ using Qt, a cross-platform application framework, and is statically linked to OpenSSL.” explained Kaspersky security researcher Stefan Ortloff.

Threatening Mac OS X

When Backdoor.OSX.Mokes is executed for the first time is makes copies of itself and spreads to a number of locations in a machine’s operating system library. It lurks in folders containing everyday software such as Apple’s App Store, Google Chrome, Skype and Dropbox.

From there it can tamper with the system to make a connection to a command and control centre server through an HTTP connection on TCP port 80. Once a connection is established the hacker in control of the command server can setup backdoor features that allow for data to be stolen using techniques such as monitoring removable storage on the infected machine and scanning the file system for documents.

Tracking the source of a Moke attack is also particularly tricky as it uses strong AES-256-CBC encryption to effectively hide its activities and communicate with the command server.

Backdoors in Mac OS X are not as common as they are in Windows machines, but they appear to be increasingly uncovered by security researchers. Kaspersky did not detail how widespread the Moke malware or how much of a threat it poses to Macs, but the security firm assumes it is out “in-the-wild” in the same ‘packed’ form as its Linux variant.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago