Computer security researchers discovered a Mac OS X malware called Quimitchin which also works on Gnu/Linux distributions powered systems.
Quimitchin Malware Dangerous For Both Mac and Linux Users
Quimitchin malware is a dangerous tool which in the hands of its operators can cause a lot of harm. According to the security researchers who identified it the virus is capable of infecting both Mac OS X and Gnu/Linux operating system users. By all accounts it is also considered the first Mac malware of 2017 and appears to be a classic espionage utility.
The discovery was made recently after an IT administrator noticed unusual network traffic originating from a particular Mac OS x computer. The infections was traced to specific biomedical facilities. The reports state that the Quimitchin malware is held in two files – a .plist file which keeps the client running and initiates the persistence and the client file itself which hosts the payload. The malware is obfuscated in a Perl script which combines three components:
A Mac binary executable file
A Perl Script
Java Class part of the __DATA__ section of the main script.
The way the malware infects is by extracting these contents and writes them to the /tmp directory from where they are executed. The primary purpose of the virus is to capture screenshots and access the web cameras of the devices. The malware is able to harvest detailed information on the infected host and collect network metrics about other network devices. Using its built-in code it can initiate connections to them and further spread across the network.
The security experts who have reported of its existence assume that further strains and variants of it probably exist and haven’t been discovered yet. The conducted code analysis shows that the binary uses old system calls that date back to the pre-OS X era. This is the reason why the malware runs on Gnu/Linux distributions as well. Quimitchin has seen only a limited exposure and this is why all Mac OS X and Linux users should take in account. Various speculations exist that this virus or a related malware has been used in several reported cyber espionage campaigns initiated across the world.
The fact that the discovery was made in a biomedical facility points out that it could be possible that it is made or operated by a hacker group that works together with corporations or even state entities.