Named Wirenet.1 by Dr Web, this newly discovered piece of malware apparently provides its masters with a backdoor into infected systems.
It also steals passwords entered by the user in several popular browsers (Chrome, Chromium, Firefox and Opera) or stored in other applications including Pidgin, SeaMonkey and Thunderbird.
And as if that wasn't enough, it includes a keylogger to capture the user's keystrokes.
The company is still investigating how the malware is being spread.
Wirenet.1 is detected and removed by Dr Web's AV products for Mac and Linux, and presumably other vendors will follow suit.
One mitigation is to block communication with 212.7.208.65, which is the control server used by the attackers.