Status
Not open for further replies.

Cross-platform malware Adwind infects Mac

902 views 0 replies 1 participant last post by  JMH3143 
#1 ·
A colleague referred me to an article on a piece of cross-platform malware, called Adwind RAT (short for “remote access tool”), that was going undetected.

This is often code for “this malware was written in Java,” which doesn’t necessarily mean that it actually drops a Mac payload. So I was a bit skeptical, and said so. But, hey, new malware to play with… how could I resist taking a peek?

The first thing I noticed was – surprise, surprise – the malware was written in Java. Prepared for disappointment, I grabbed a sample of the dropper from VirusTotal.

The dropper was a file named Doc-172394856.jar. It would seem that it’s meant to be a document of some kind, but it’s not very convincing, as it has a .jar extension, not something more expected like .docx or .pdf. Strike one.

It also required me to install Java just to run it. Since Apple quit including Java in the system years ago, that’s something that most people don’t have on their Macs these days. So, to open it, you’d have to download a large file – after figuring out exactly what to download on Oracle’s rather hard-to-navigate website – and install it. Strike two.
https://blog.malwarebytes.com/threat-analysis/2016/07/cross-platform-malware-adwind-infects-mac/
 