Because of the increasing popularity of the Mac, malware writers have been trying to work out a way of sucking in Apple users while still getting the numbers of a decent Windows virus campaign.
Cross-platform malware is tricky to pull off, but one detected by McAfee seems to manage it.
IncognitoRAT is a Java-based Trojan which attacks both Windows and Mac OS users. It behaves like other Windows botnets but uses source code and libraries that can operate on other platforms.
McAfee’s Carlos Castillo said the software uses a Windows executable, but apparently was created using the tool JarToExe. This allows it to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs.
Once the .jar file is converted, it is executed and downloads a number of Java-based libraries that allow the attacker to control the keyboard and mouse of the affected computer, to play MP3 files and videos, to record images taken by the computer’s webcam, and to send stolen information to another person’s email account.
A .jar component dropped by the downloader makes sure that the principal malware is executed.
The botnet created by the infected machines might be able to crash machines and show messages to the user.