Thursday, May 5, 2011

IncognitoRAT - Java Botnet Found in the Wild

Via McAfee Labs -

Most of today’s malware works on Windows and its apps, because it can affect a lot of people around the world. However, other platforms are becoming more popular every day and attracting bad guys who are starting to create malicious code for other systems.

further threat is cross-platform malware that can execute on Windows and Mac using Java; this type of malware can run in a multiplatform Java Virtual Machine. IncognitoRAT is one example of a Java-based Trojan discovered in the wild that is being downloaded and installed by another component. This malware behaves like other Windows botnets but uses source code and libraries that can operate on other platforms.

The original propagation vector of IncognitoRAT is a Windows executable, but apparently it was created using the tool JarToExe, which includes, among other features, the ability to convert .jar files into .exe files, to add program icons and version information, and protect and encrypt Java programs. The victim’s machine has to have the Java Runtime Environment installed and must be online. As soon as the file is executed, it starts downloading a ZIP file with a pack of Java-based libraries to perform several remote activities:


According to public information, this malicious code is available for Windows, Mac OS X, and iPhone/iPad (the last only to control infected computers). However, we’ve seen only the PC version in a downloader/dropper in the wild. McAfee products detect this malware in our latest DATs as JV/IncognitoRAT.

No comments:

Post a Comment