Home | Press | Contact da en
Heimdal
Heimdal Security protects against
banker trojan malware.
Press Contact

Peter Kruse
Partner & Security Specialist
pkr@csis.dk
PGP Key ID: 0x49006F37

Blog
2011-05-02 11:20:09 |

The first advanced DIY (Do-It-Yourself) crimeware kit aimed at the Mac OS X platform has just been announced on a few closed underground forums. Detailed information about this crimeware kit is not being leaked publicly and the authors of the kit are obviously trying to stay below the radar allowing only vetted users of the forums to see most of the content.

The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption.

The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform. Apparently, a dedicated iPad and Linux release are under preparation as well.

The Weyland-Yutani BOT supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and Spyeye.


CSIS eCrime Unit is in possession of videos documenting both the admin panel and its functionality as well as the builder itself. Both video clips prove this kit to be fully operational already. This v1.0 of the BOT has a license price for the complete kit equal to 1,000 WMZ/LR.

CSIS finds this crimekit to be quite disturbing news since MacOS previously to some degree has been spared from the increasing amount of malware which has haunted Windows-based systems for years. This could have resulted in a false sense of security that might make Mac OS user especially vulnerable to a sudden and highly sophisticated attack.  

Update:
Meanwhile the video demonstrating how the kit works and how it can collect passwords through formgrabbing has been made available on Youtube:
http://www.youtube.com/watch?v=lD3l_nqmE6w