Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
OS X Android IOS Windows

Brazilian Coders Are Pioneering the First Cross-OS Malware Using JAR Files 124

An anonymous reader writes: Criminal gangs in Brazil are experimenting with the first malware families that are packaged as JAR files, capable of being deployed to Windows, Linux, Mac, and even Android from the same codebase, instead of relying on 4 different versions. Right now, only the malware dropper, a component used to infect computers with banking trojans, seems to have been coded in Java, but security experts expect a full-blown banking trojan to soon follow.
This discussion has been archived. No new comments can be posted.

Brazilian Coders Are Pioneering the First Cross-OS Malware Using JAR Files

Comments Filter:
  • by Anonymous Coward on Tuesday March 08, 2016 @02:32AM (#51657587)

    There's no Java for CP/M-Z80, so I'm safe from being target by cross platform malware [or being targeted by applications in general].

    • by Anonymous Coward
      But what if they wrote it in Turbo Pascal? You should get an 8085 just to be sure!
    • So much for write once, run anywhere.

  • by Anonymous Coward on Tuesday March 08, 2016 @02:35AM (#51657593)

    Guess all those memories of viruses from the 80's containing executable code valid on multiple processors are all my fevered imagination. Who knew that the first cross-OS malware was definitely only being written now, in 2016, in Java.

    Wait, no, just the dropper. Congrats guys, you've discovered a platform-independent way of opening a stream from somewhere on the internet and dumping it to a file. Definitely pushing the envelope of Java to do that, I mean it's not like it comes with any sockets or file API specifically designed for stuff like that.

    Give me a break. I was hoping to hear about something actually creative, like PDF or jpeg with multiple exploits for common Windows/Mac/Linux viewers or decode libraries, that causes a jump into the appropriate shellcode for each platform depending on what it's viewed on. This story is a non-event.

    • by TheRaven64 ( 641858 ) on Tuesday March 08, 2016 @05:32AM (#51657889) Journal

      It is a bit of a stretch. There was a nice entry into the IOCC a few years ago that was a program that was valid as C program, a shell script, or a makefile. Running it as either a shell script or makefile would compile the C program, which would then print its output. There's been some interesting recent research involving isolating instructions that are NOPs on various architectures and writing exploit code that is a valid executable on both x86 and ARM (it doesn't have to be long, because you can encode a jump to the architecture-specific version in the portable code).

      It's worth noting that this is even (almost) the official and documented way of writing a cross-architecture Windows binary: you have a little .NET stub that P/Invoke's the native binary for the architecture that it detects.

    • I was thinking exactly this. Glad to hear that only now are we seeing a 'cross-platform' malware, and that the untold numbers of Excel macro viruses, Outlook exploits, PDF exploits, Flash exploits, etc. don't count. Only when you use Java to do something it was actually designed to do (as you described) do you become 'the first cross-platform malware.'

  • by Anonymous Coward on Tuesday March 08, 2016 @02:53AM (#51657629)

    "First Cross-OS Malware Using JAR Files"

    I used to have that one. It was developed by Sun, and called the Java plugin.

  • by tetraverse ( 4409445 ) on Tuesday March 08, 2016 @03:08AM (#51657647)
    How exactly does this JAR file get downloaded and executed on a Linux system, without enduser action.
    • by Anonymous Coward

      So many dell dracs so little time lol

    • by MrCoke ( 445461 )

      "Press OK to enter our contest and win an iPhone 6/..."

    • by delt0r ( 999393 )
      Or any other system for that matter. Or just a plain exe file or .sh on unix? STUPID USERS. As always. PEBCAK
  • "Java: write once, run anywhere"

    Sorry, couldn't help.

  • First? (Score:4, Informative)

    by Anonymous Coward on Tuesday March 08, 2016 @03:53AM (#51657735)

    I don't think so.

    http://virus.wikidot.com/esperanto

  • another reason to uninstall java.

  • Write once, pwn everwhere!
  • First? My ass... (Score:5, Informative)

    by evilviper ( 135110 ) on Tuesday March 08, 2016 @05:32AM (#51657891) Journal

    2008: http://citeseerx.ist.psu.edu/v... [psu.edu]

    2009: https://en.wikipedia.org/wiki/... [wikipedia.org]

    2010: https://nakedsecurity.sophos.c... [sophos.com]

    Look what some moron said about the same subject back in 2011:
    http://www.developers.slashdot... [slashdot.org]

    2012: https://www.intego.com/mac-sec... [intego.com]

    2012: http://www.zdnet.com/article/c... [zdnet.com]

    2012: http://www.infosecisland.com/b... [infosecisland.com]

    etc., etc.

  • I'm a Brazillian that works with IT, and it's the first time that I'm hearing something about it: it seems to me like a pretty bad-made SCAM :/ * I may be wrong, but I doubt it :P
  • This is why OS architectures like Qubes are important. This is why Linux systems (and everything else) should work more like that. It is also why the principle of least authority needs to make its way out of textbooks and into real life. Malware like this can work because it is given permission to work. There is no reason things need to be that way, except for laziness of programmers.

    • This is why OS architectures like Qubes are important. This is why Linux systems (and everything else) should work more like that. It is also why the principle of least authority needs to make its way out of textbooks and into real life.

      When something that sounds great in a textbook never makes it to real life, there's usually a pretty good reason.

  • It's written like a piece on an OSS project. When I got to the end, I was thinking, "Why are these researchers making malware?" Had to go back and re-read the first two words.
  • Download some Minecraft mods, take a peek inside.

    All the more insidious because generally it is children installing said mods.

    • What mods are you referring to? The mod community seems to be pretty safe overall from what I've seen.

  • Don't mind the little fact that Macs don't even come with Java pre-installed anymore.

    • by Anonymous Coward

      Don't mind the little fact that Macs don't even come with Java pre-installed anymore.

      Last time I checked neither do most other popular desktop operating systems. What's your point?

  • There are plenty of malware packages in PHP, Perl, Python, and Ruby that will search for vulnerable web apps, infiltrate a hosting account, then set up web-accessible shells written in the same languages and continue on to find more vulnerable apps and accounts.

  • automatically converts and runs JRE files in Android?
    I don't believe it.

  • If we assume they are written in Java... then certainly we can do some profiling... just look for people with less hair.

"If value corrupts then absolute value corrupts absolutely."

Working...