A new type of malware has been found by the F-Secure team. They recently came across a compromised Colombian transport site where the malware author uses social engineering, displaying a signed applet when the page is visited.

The malware is named Getshell-A. To run, it requires the user to approve a Java applet on the system. Its main strength is that it identifies whether you are running Windows, Mac OS X or Linux, and then downloads the corresponding malware for your OS.

Who is affected by this?

  • Mac OS X
  • Windows
  • Linux

How does it look on different operating systems?

1. On Windows

2. On Mac

The JAR file checks whether the user's machine is running Windows, Mac or Linux, then downloads the appropriate files for that platform.

All three files for the three different platforms behave the same way. They all connect to to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux, and Windows respectively.
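An added detection sketch, not from the original post: because each platform's backdoor uses its own port, a single destination that receives connections on the matching port from hosts of more than one OS deserves a closer look. The flow records, host names and addresses below are constructed, and the function name is hypothetical.

```python
from collections import defaultdict

# Port each GetShell.A backdoor connects on, per the write-up above.
PORT_BY_OS = {"osx": 8080, "linux": 8081, "windows": 8082}

# Constructed flow records: (source host, source OS from asset inventory,
# destination IP, destination port). The addresses are documentation ranges
# (192.0.2.0/24, 198.51.100.0/24), not real indicators.
SAMPLE_FLOWS = [
    ("mac-014", "osx", "192.0.2.50", 8080),
    ("build-03", "linux", "192.0.2.50", 8081),
    ("pc-221", "windows", "192.0.2.50", 8082),
    ("pc-007", "windows", "198.51.100.9", 8080),  # ordinary proxy traffic
    ("mac-002", "osx", "198.51.100.9", 8080),     # same proxy; port fits OSX by chance
    ("build-01", "linux", "198.51.100.9", 8080),
    ("pc-300", "windows", "192.0.2.77", 8082),    # only one OS family seen
]


def suspicious_destinations(flows, min_os_families=2):
    """Return {dest_ip: {os: [hosts]}} for destinations contacted by hosts of
    at least `min_os_families` different OSes, each on the port the write-up
    ties to that OS. Requiring several OS families cuts the noise that a
    plain "port 8080" rule would produce."""
    matches = defaultdict(lambda: defaultdict(set))
    for host, os_name, dst_ip, dst_port in flows:
        os_key = os_name.lower()
        if PORT_BY_OS.get(os_key) == dst_port:
            matches[dst_ip][os_key].add(host)
    return {
        dst: {os_key: sorted(hosts) for os_key, hosts in by_os.items()}
        for dst, by_os in matches.items()
        if len(by_os) >= min_os_families
    }


if __name__ == "__main__":
    for dst, by_os in suspicious_destinations(SAMPLE_FLOWS).items():
        print(dst, by_os)
```

Lowering `min_os_families` to 1 widens the net to single-platform environments at the cost of many false positives, since these ports are common for proxies and web consoles.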

The files are detected as:

  • Trojan-Downloader:Java/GetShell.A (sha1: 4a52bb43ff4ae19816e1b97453835da3565387b7)
  • Backdoor:OSX/GetShell.A (sha1: b05b11bc8520e73a9d62a3dc1d5854d3b4a52cef)
  • Backdoor:Linux/GetShell.A (sha1: 359a996b841bc02d339279d29112fe980637bf88)
  • Backdoor:W32/GetShell.A (sha1: 26fcc7d3106ab231ba0ed2cba34b7611dcf5fc0a)



