Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match.
The attack was first seen on a Columbian transport website which had been hacked by a third party.
The unidentified site then displayed a signed Java applet that checks if the user’s computer is running Windows, Mac OS X, or Linux.
The clever bit of the code appears to have been lifted from an open source tool kit written by Dave Kennedy, a security researcher and president of TrustedSec. He did not write it to do anything nasty.
F-Secure said in its blog that all three files for the three different platforms connect to 126.96.36.199 to get additional code to execute. The ports are 8080, 8081, and 8082 for OS X, Linux, and Windows.
While Apple has been being turned over for a while now, reports of real-world attacks on the Linux operating system are less common. Single attacks that have the ability to infect any one of the three OSes are rarer still.
Fortunately for Apple users, the exploit only infects modern Macs that were modified to run software known as Rosetta. Rosetta was designed so that Macs using Intel processors can run software written for PowerPC processors. Rosetta is not supported on Lion, the most recent version of OS X.
This means that the hackers’ knowledge of Macs is somewhat limited, but they did have a stab at it.