More Java-based malware plagues the cross-platform runtime

New attacks exploit the Java plug-in, while others simply trick users into running Java programs locally.

Java cannot seem to get a break. Only a few days after the last zero-day vulnerability was patched, two more exploits have been found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtime that attempts to install a McRAT executable by overwriting memory in the JVM in a way that triggers the executable to run.

Once installed, the McRAT malware will attempt to contact command-and-control servers and copy itself into DLL files on Windows systems.

This malware is specifically Windows-based; however, a second one, outlined by Intego, is a Minecraft password-stealing Trojan that masquerades as a Java executable called "Minecraft Hack Kit." This kit is distributed as a tool to help Minecraft users perform moderating tasks such as kicking or banning other users in the game.

When run, however, the program will install three new applets along with a Launch Agent script that keeps them persistently running in the background. These secondary payload programs then attempt to steal Minecraft credentials and send them to various Hotmail accounts.

These new threats are relatively low in severity. The Minecraft one is quite specific: it affects only those who play Minecraft, have Java installed, and attempt to gain advantages in the game through a promised hack. However, both of these threats will run on a system that has the latest Java versions installed. Unlike the McRAT malware, the Minecraft attack does not attempt to exploit the Java Web plug-in; it only tricks users into downloading and running the software, so it will still run even with a properly managed Java plug-in.

For this and similar threats in OS X, you can install a reverse firewall such as Little Snitch that will monitor outbound connection attempts and notify you of them. In addition, setting up a monitoring service for the system's LaunchAgent and LaunchDaemon folders will help prevent programs from setting up, without your knowledge, scripts that could keep malware running in the background.
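
One way to do the LaunchAgent and LaunchDaemon monitoring described above, as an added example that is not part of the original article: a Python script that records a baseline of the launchd job files and reports any that are new or changed, along with the command each would start. The baseline file path is an assumption of this example.

```python
import hashlib, json, plistlib
from pathlib import Path

# Standard launchd job folders on OS X ("~" is expanded per user at run time).
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
                "/Library/LaunchDaemons"]
# Hypothetical location for the saved baseline (an assumption of this example).
BASELINE = "~/.launchd_baseline.json"

def snapshot(dirs=LAUNCHD_DIRS):
    """Map each launchd plist path to its SHA-256 and the command it starts."""
    jobs = {}
    for d in dirs:
        root = Path(d).expanduser()
        if not root.is_dir():
            continue
        for path in sorted(root.glob("*.plist")):
            data = path.read_bytes()
            try:
                job = plistlib.loads(data)  # handles XML and binary plists
            except Exception:
                job = None  # unparsable file: still tracked by its hash
            job = job if isinstance(job, dict) else {}
            command = job.get("ProgramArguments") or [job.get("Program", "?")]
            jobs[str(path)] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "label": str(job.get("Label", "?")),
                "command": [str(c) for c in command],
                "run_at_load": bool(job.get("RunAtLoad", False)),
            }
    return jobs

def diff(baseline, current):
    """Return (added, changed, removed) plist paths relative to the baseline."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    changed = sorted(p for p in current if p in baseline
                     and current[p]["sha256"] != baseline[p]["sha256"])
    return added, changed, removed

if __name__ == "__main__":
    current, base = snapshot(), Path(BASELINE).expanduser()
    if base.exists():
        added, changed, removed = diff(json.loads(base.read_text()), current)
        for tag, paths in (("NEW", added), ("CHANGED", changed), ("REMOVED", removed)):
            for p in paths:
                print(tag, p, " ".join(current.get(p, {}).get("command", [])))
    else:
        base.write_text(json.dumps(current, indent=2))  # first run: record baseline
```

Run it once on a known-good system to record the baseline, then re-run it periodically and review anything it reports.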




About the author

    Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
