The first cross-platform Trojan to run under Linux and Mac OS X has been discovered by Russian security firm Dr Web.
The ‘backdoor’ program – designed to steal passwords stored by several popular web apps – is believed to be the first virus able to run under both of these operating systems.
Wirenet.1, as it has been dubbed, creates a copy of the user’s home directory and sends the copy – including passwords pinched from the user’s browser and web apps – encrypted with Advanced Encryption Standard (AES) to its control server based in the Netherlands.
The virus also acts as a key logger, sending data from each key pressed on the infected device’s keyboard to the Trojan’s creators, along with the passwords it has stolen.
Few technical details have been released about Wirenet.1’s operation and technique, but the security firm discovered that the Trojan is capable of stealing passwords entered by the user into browsers including Chrome, Firefox, Opera and Chromium (but oddly not the Mac default browser, Safari) and any passwords stored by email and messaging apps such as Pidgin and Thunderbird.
According to TechWorld, under Linux the virus copies itself to the ~/WIFIFADAPT directory before attempting to connect to a command and control server; blocking that connection offers a simple way of stopping communication and further distribution of stolen data.
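For administrators who want to check Linux machines for the drop directory described above, the following is an added example and not code from Dr Web or TechWorld. It assumes home directories live under /home plus /root, and it takes the directory name exactly as printed in this article (override `IOC_NAME` if an advisory you trust spells it differently).

```shell
#!/bin/sh
# Directory name as reported in the article above; override via IOC_NAME.
IOC_NAME="${IOC_NAME:-WIFIFADAPT}"

# check_home DIR: print DIR/$IOC_NAME if it exists (file, dir or symlink).
# Returns 0 on a hit, 1 otherwise.
check_home() {
    candidate="${1%/}/$IOC_NAME"
    if [ -e "$candidate" ] || [ -L "$candidate" ]; then
        printf '%s\n' "$candidate"
        return 0
    fi
    return 1
}

# scan_homes BASE...: run check_home on every directory directly under each
# BASE (for example /home). Returns 0 if at least one hit was found.
scan_homes() {
    hits=1
    for base in "$@"; do
        [ -d "$base" ] || continue
        for home in "$base"/*; do
            [ -d "$home" ] || continue
            if check_home "$home"; then hits=0; fi
        done
    done
    return "$hits"
}

# Run as: sh scan.sh --scan   (assumed layout: /home/<user> plus /root)
# Exit status 0 means a matching path was found and printed.
if [ "${1:-}" = "--scan" ]; then
    status=1
    if scan_homes /home; then status=0; fi
    if check_home /root; then status=0; fi
    if [ "$status" -eq 0 ]; then
        echo "possible Wirenet.1 drop directory found; isolate host and review" >&2
    fi
    exit "$status"
fi
```

A hit is only an indicator: the listed path still needs to be inspected before drawing conclusions, and a clean result does not rule out infection.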
It is not yet clear whether the Trojan is capable of attacking Windows systems as well. It is suspected that avoiding targeting Microsoft was a ploy to prevent the virus being detected quickly.
Should Linux users be worried? Most tech commentators don’t think so. Are you worried?