Slashdot Mirror


Brazilian Coders Are Pioneering the First Cross-OS Malware Using JAR Files

An anonymous reader writes: Criminal gangs in Brazil are experimenting with the first malware families that are packaged as JAR files, capable of being deployed to Windows, Linux, Mac, and even Android from the same codebase, instead of relying on 4 different versions. Right now, only the malware dropper, a component used to infect computers with banking trojans, seems to have been coded in Java, but security experts expect a full-blown banking trojan to soon follow.
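As an added defender-side example (not from the Slashdot story or any of the comments), here is a small Python triage helper for exactly the kind of file the summary describes: it opens a JAR as the ZIP archive it is, reads the manifest to find the Main-Class that would run when the JAR is launched, counts class files, checks their magic bytes, and lists any bundled native libraries by platform. That last check is a quick way to tell whether a "cross-OS" JAR is pure bytecode or is carrying platform-specific payloads. The sample JAR is constructed in memory so the script runs offline; the names inside it (com.example.Loader, helper.dll, helper.so) are made up for the example.

```python
import io
import zipfile

# Constructed sample: a tiny JAR built in memory so the example runs offline.
# The class name and library names are hypothetical.
def build_sample_jar() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "META-INF/MANIFEST.MF",
            "Manifest-Version: 1.0\r\n"
            "Main-Class: com.example.Loader\r\n"
            "Created-By: 1.8.0 (hypothetical)\r\n\r\n",
        )
        # A class file starts with the magic bytes CA FE BA BE.
        zf.writestr("com/example/Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 28)
        # Platform-specific native libraries shipped inside the same archive.
        zf.writestr("lib/win/helper.dll", b"MZ" + b"\x00" * 16)
        zf.writestr("lib/linux/helper.so", b"\x7fELF" + b"\x00" * 16)
    return buf.getvalue()


def parse_manifest(text: str) -> dict:
    """Parse the main section of a JAR manifest into a dict.

    Lines are "Key: Value"; a line starting with a single space continues
    the previous value; the main section ends at the first blank line.
    """
    attrs = {}
    last = None
    for raw in text.splitlines():
        if not raw.strip():
            break
        if raw.startswith(" ") and last is not None:
            attrs[last] += raw[1:]
        elif ":" in raw:
            key, value = raw.split(":", 1)
            last = key.strip()
            attrs[last] = value.strip()
    return attrs


# File extensions that mark native (non-portable) code inside a JAR.
NATIVE_EXT = {".dll": "windows", ".so": "linux", ".dylib": "macos"}


def inspect_jar(data: bytes) -> dict:
    """Summarise what a JAR would do if launched and what platforms it targets."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        manifest = {}
        if "META-INF/MANIFEST.MF" in names:
            raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            manifest = parse_manifest(raw)
        class_files = [n for n in names if n.endswith(".class")]
        natives = {}
        for n in names:
            for ext, platform in NATIVE_EXT.items():
                if n.lower().endswith(ext):
                    natives.setdefault(platform, []).append(n)
        # Entries named *.class whose bytes are not a class file are worth a look.
        bad_magic = [n for n in class_files if zf.read(n)[:4] != b"\xca\xfe\xba\xbe"]
    main_class = manifest.get("Main-Class")
    return {
        "main_class": main_class,
        "runnable": main_class is not None,
        "class_count": len(class_files),
        "native_platforms": sorted(natives),
        "native_entries": natives,
        "class_magic_mismatch": bad_magic,
    }


if __name__ == "__main__":
    for key, value in inspect_jar(build_sample_jar()).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report for the constructed sample, or swap in `open(path, "rb").read()` for a JAR pulled from a mail gateway or download quarantine. A JAR with a Main-Class is launchable by a double-click or `java -jar` wherever a JRE exists, which is the point the story makes; native entries for several platforms tell you the portable part is only the loader.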

12 of 124 comments

  1. Re:Does anyone actually install a JRE any more? by Todd Knarr · Score: 5, Interesting

    It wouldn't need to run as a browser plugin. The idea here is to use some other exploit to gain access and drop the .jar file onto the system, then run it as a regular local application. I suspect a lot of people have it because Oracle's made deals to have it included on the manufacturer's images, and those people don't have a clue what Java is or how to remove it so that's a problem.

    I am, however, surprised it took them this long to come up with this idea. It's fairly standard on Unix systems, that's how cross-platform scripting of all sorts is done.

  2. That's it, I'm switching to CP/M by Anonymous Coward · Score: 5, Funny

    There's no Java for CP/M-Z80, so I'm safe from being targeted by cross-platform malware [or being targeted by applications in general].

  3. So using Java exactly what it was designed for? by Anonymous Coward · Score: 5, Informative

    Guess all those memories of viruses from the 80's containing executable code valid on multiple processors are all my fevered imagination. Who knew that the first cross-OS malware was definitely only being written now, in 2016, in Java.

    Wait, no, just the dropper. Congrats guys, you've discovered a platform-independent way of opening a stream from somewhere on the internet and dumping it to a file. Definitely pushing the envelope of Java to do that, I mean it's not like it comes with any sockets or file API specifically designed for stuff like that.

    Give me a break. I was hoping to hear about something actually creative, like PDF or jpeg with multiple exploits for common Windows/Mac/Linux viewers or decode libraries, that causes a jump into the appropriate shellcode for each platform depending on what it's viewed on. This story is a non-event.

    1. Re:So using Java exactly what it was designed for? by TheRaven64 · Score: 3, Interesting

      It is a bit of a stretch. There was a nice entry into the IOCCC a few years ago that was a program that was valid as a C program, a shell script, or a makefile. Running it as either a shell script or a makefile would compile the C program, which would then print its output. There's been some interesting recent research involving isolating instructions that are NOPs on various architectures and writing exploit code that is a valid executable on both x86 and ARM (it doesn't have to be long, because you can encode a jump to the architecture-specific version in the portable code).

      It's worth noting that this is even (almost) the official and documented way of writing a cross-architecture Windows binary: you have a little .NET stub that P/Invokes the native binary for the architecture that it detects.

      --
      I am TheRaven on Soylent News

  4. "First Cross-OS Malware Using JAR Files" by Anonymous Coward · Score: 5, Funny

    "First Cross-OS Malware Using JAR Files"

    I used to have that one. It was developed by Sun, and called the Java plugin.

  5. Re:Does anyone actually install a JRE any more? by Anonymous Coward · Score: 5, Funny

    Well, that's a bad analogy because we already know that C is the devil. But you get the picture.

    Well, any reasonably skilled programmer has several deals with the devil, and for about half of them the devil feels he got the short end of the stick.

    My comments are usually ascii pentagrams, but they only show with a tabsize of 4.

  6. JAR capable of being deployed to Linux by tetraverse · Score: 3, Insightful

    How exactly does this JAR file get downloaded and executed on a Linux system without end-user action?

    1. Re:JAR capable of being deployed to Linux by MrCoke · Score: 2

      "Press OK to enter our contest and win an iPhone 6/..."

  7. First? by Anonymous Coward · Score: 4, Informative

    I don't think so.

    http://virus.wikidot.com/esperanto

  8. Re:Does anyone actually install a JRE any more? by beakerMeep · Score: 2

    The idea here is to use some other exploit to gain access and drop the .jar file onto the system, then run it as a regular local application.

    If malware gains local application code execution, then the target user is pretty much farked anyways -- the language used is irrelevant.

    --
    meep

  9. Re:Qubes and virtualisation by tobiasly · Score: 2

    This is why OS architectures like Qubes are important. This is why Linux systems (and everything else) should work more like that. It is also why the principle of least authority needs to make its way out of textbooks and into real life.

    When something that sounds great in a textbook never makes it to real life, there's usually a pretty good reason.