Spy trojan steals audio, video, email, IM, keystrokes, from Windows, Mac and mobile

By

And it is the first trojan to use a Mac rootkit.

A cross-platform trojan has been discovered that hijacks Windows and Mac OS X machines and mobile devices, and steals audio and video feeds, screenshots and keystrokes .

Spy trojan steals audio, video, email, IM, keystrokes, from Windows, Mac and mobile

The comprehensive espionage toolkit dubbed BackDoor.DaVinci.1 malware was thought to be the first use of a rootkit to hide a trojan on the Apple operating system.

It allowed criminals to siphon data stolen by keyloggers to remote servers, along with screenshots, intercepted e-mail, and instant messaging chats including ICQ and Skype. Microphone and web cam feeds could also be captured. 

DaVinci.1

DaVinci.1 also contained counter anti-virus and firewall tools.

Russian anti-virus vendor Dr Web discovered the malware after a user this week reported the infected image. 

"The trojan poses a serious threat to users because it not only intercepts any information on the infected computer but also gives criminals full control over a compromised system so that they can render it non-operational," the company said.

It said the malware had "functional modules" that includes a backdoor component that is encrypted and uses rootkits.

The malware spread via an Adobe Flash Player (*.jar) file that was signed with an invalid  certificate. 

DaVinci.1 would first detect the operating system of a target machine before launching malicious payloads.

Dr Web did not say which mobile operating platforms were also affected.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?