Crossrun Mac OS



A new piece of malware named CrossRAT is now targeting your PCs. This undetectable spying malware is believed to have been developed by the Dark Caracal group. CrossRAT is a malicious desktop surveillance tool that targets OS X, Windows, and Linux. Written in Java, this cross-platform malware can take screenshots, manipulate the entire file system, and run arbitrary DLLs for secondary infection on Windows.


CrossRAT Malware


According to the researchers, the developers of this Trojan use WhatsApp messages and Facebook group messages to spread it, redirecting users to malicious websites where they download malicious programs.


CrossRAT, however, doesn't have any predefined command to activate the keylogger, but it uses the open source Java library 'jnativehook' to monitor mouse and keyboard events.

CrossRAT, a desktop surveillance malware, is designed with some basic surveillance features that are activated only after it receives predefined instructions from the C&C server. It first checks the operating system of the PC and then installs itself accordingly. Next, it gathers details about the infected system, including the kernel structure.

The Trojan then uses persistence mechanisms specific to the operating system so that it re-executes every time the infected system is rebooted. It then registers itself with the C&C server, giving remote attackers access to the system.

As reported by Lookout researchers, the CrossRAT variant distributed by the Dark Caracal hacking group connects to 'flexberry(dot)com' on port 2223; this information is hardcoded in the 'crossrat/ok.class' file.

Check if your PC is infected with CrossRAT

Because the Trojan is written in Java, it needs Java to be installed on the PC in order to run. Fortunately, the latest versions of Mac OS do not have Java installed, so most Mac users should be safe from CrossRAT.


But if the user has installed Java, or the attackers succeed in tricking the user into installing it, CrossRAT can run and infect even the latest versions of macOS.


As it is a cross-platform Trojan, the detection method is different for each operating system.

For Windows users:

Check the 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' registry key. If the system is infected by CrossRAT, the key will include a command featuring java, -jar and mediamgrs.jar.

For Mac OS:

Search for the launch agent mediamgrs.plist in /Library/LaunchAgents or ~/Library/LaunchAgents.

(OR) Check for the jar file, mediamgrs.jar, in ~/Library.


For Linux:

Search for an autostart file, probably named mediamgrs.desktop, within ~/.config/autostart.

(OR) Check for the jar file, mediamgrs.jar, in /usr/var.
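
The three per-OS checks above can be combined into one script. This is an added example, not part of the original article or of any vendor tool; the function names are hypothetical, and it matches only the file names and registry command listed above.

```python
import sys
from pathlib import Path

JAR = "mediamgrs.jar"

def file_indicators(platform, home, root=Path("/")):
    """Paths from the article's macOS and Linux checks, under home/root."""
    home, root = Path(home), Path(root)
    if platform == "darwin":
        return [root / "Library/LaunchAgents/mediamgrs.plist",
                home / "Library/LaunchAgents/mediamgrs.plist",
                home / "Library" / JAR]
    if platform.startswith("linux"):
        return [home / ".config/autostart/mediamgrs.desktop",
                root / "usr/var" / JAR]
    return []

def suspicious_run_values(values):
    """values: {name: command} from the HKCU Run key; flag java -jar mediamgrs.jar."""
    hits = {}
    for name, command in values.items():
        lowered = str(command).lower()
        if all(token in lowered for token in ("java", "-jar", JAR)):
            hits[name] = command
    return hits

def read_hkcu_run():
    """Enumerate the values of the HKCU Run key (Windows only)."""
    import winreg
    values = {}
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = data
    return values

def scan(platform=sys.platform, home=None, root=Path("/"), run_values=None):
    """Return a list of findings (strings) for the current or given platform."""
    home = Path(home) if home else Path.home()
    findings = [str(p) for p in file_indicators(platform, home, root) if p.exists()]
    if platform == "win32":
        if run_values is None:
            run_values = read_hkcu_run()
        findings += [f"HKCU Run value {n!r}: {c}"
                     for n, c in suspicious_run_values(run_values).items()]
    return findings

if __name__ == "__main__":
    for finding in scan():
        print("possible CrossRAT artifact:", finding)
```

The home, root and run_values parameters exist so the checks can also be run against a mounted disk image or an exported registry listing instead of the live system.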

Only 2 out of 58 antivirus products can detect CrossRAT at the time of writing, which means you are at risk: your antivirus is unlikely to detect this Trojan or protect you from it.

Check out the detailed technical overview and analysis of CrossRAT by ex-NSA hacker Patrick Wardle, which covers its capabilities, persistence mechanisms, and command-and-control communication.

Source: New undetectable Malware CrossRAT targets Windows, Linux and Mac OS
