Security researchers have discovered a family of malware that works on both Mac and Windows. The trojan, Janicab.A, directs YouTube viewers to a malicious server with command-and-control functionality to hide itself.
Janicab was first discovered by researchers from F-Secure and Webroot. The trojan works by having a digital signature of a valid Apple Developer ID, which allows the installer to skip some security steps. The creators of Janicab made the malware act like a normal PDF file, instead of an executable file. Apple’s Developer site was recently hacked and personal information exposed. There may be an increase in Mac malware if the hackers are able to disguise themselves as verified Apple Developers to get that digital signature.
Avast later reported that that Janicab could also infect PCs using a Visual Basic script. Microsoft has patched this vulnerability back in 2012 but outdated machines are still vulnerable to infection.
While the Windows version lays dormant until a command is sent, the Mac version actively collects audio and screenshots to the attackers. There are no solid numbers about how many machines have been infected by the Janicab trojan. Ars Technica speculates that the trojan could be in a beta period as its developers are learning more about how to deliver a multi-platform trojan.
As OS X gains popularity, Mac users will have to become more cognizant of viruses, spyware, and malware. The myth that Macs don’t get viruses is quickly eroding.
