Brazilian Coders Are Pioneering the First Cross-OS Malware Using JAR Files

An anonymous reader writes: Criminal gangs in Brazil are experimenting with the first malware families that are packaged as JAR files, capable of being deployed to Windows, Linux, Mac, and even Android from the same codebase, instead of relying on 4 different versions. Right now, only the malware dropper, a component used to infect computers with banking trojans, seems to have been coded in Java, but security experts expect a full-blown banking trojan to soon follow.

Re:Does anyone actually install a JRE any more?

[Todd+Knarr]

It wouldn't need to run as a browser plugin. The idea here is to use some other exploit to gain access and drop the .jar file onto the system, then run it as a regular local application. I suspect a lot of people have it because Oracle's made deals to have it included on the manufacturer's images, and those people don't have a clue what Java is or how to remove it so that's a problem.

I am, however, surprised it took them this long to come up with this idea. It's fairly standard on Unix systems, that's how cross-platform scripting of all sorts is done.

That's it, I'm switching to CP/M

There's no Java for CP/M-Z80, so I'm safe from being target by cross platform malware [or being targeted by applications in general].

So using Java exactly what it was designed for?

Guess all those memories of viruses from the 80's containing executable code valid on multiple processors are all my fevered imagination. Who knew that the first cross-OS malware was definitely only being written now, in 2016, in Java.

Wait, no, just the dropper. Congrats guys, you've discovered a platform-independent way of opening a stream from somewhere on the internet and dumping it to a file. Definitely pushing the envelope of Java to do that, I mean it's not like it comes with any sockets or file API specifically designed for stuff like that.

Give me a break. I was hoping to hear about something actually creative, like PDF or jpeg with multiple exploits for common Windows/Mac/Linux viewers or decode libraries, that causes a jump into the appropriate shellcode for each platform depending on what it's viewed on. This story is a non-event.

"First Cross-OS Malware Using JAR Files"

"First Cross-OS Malware Using JAR Files"

I used to have that one. It was developed by Sun, and called the Java plugin.

Re:Does anyone actually install a JRE any more?

Well, that's a bad analogy because we already know that C is the devil. But you get the picture.

Well, any reasonably skilled programmer have several deals with the devil, and for about half of them the devil feels he got the short end of the stick.

My comments are usually ascii pentagrams, but they only show with a tabsize of 4.

First?

I don't think so.

http://virus.wikidot.com/esperanto

First? My ass...

[evilviper]

2008: http://citeseerx.ist.psu.edu/v...

2009: https://en.wikipedia.org/wiki/...

2010: https://nakedsecurity.sophos.c...

Look what some moron said about the same subject back in 2011:
http://www.developers.slashdot...

2012: https://www.intego.com/mac-sec...

2012: http://www.zdnet.com/article/c...

2012: http://www.infosecisland.com/b...

etc., etc.