Java cannot seem to get a break. Only a few days after patching the last zero-day vulnerability, two more exploits are being found that make use of the runtime. One, as noted by Kaspersky, is a recent exploit of the latest runtime's attempts to install a McRAT executable by overwriting memory in the JVM that will trigger the executable to run.
Once installed, the McRAT malware will attempt to contact command and control servers and copy itself into dll files in Windows systems.
This malware is specifically Windows-based; however, a second one outlined by Intego, is a Minecraft password-stealing Trojan that masks as a Java exectutable called "Minecraft Hack Kit." This kit is distributed as a tool to help Minecraft users perform moderating tasks such as kicking or banning other users in the game.
When run, however, the program will install three new applets along with a Launch Agent script that keeps them persistently running in the background. These secondary payload programs then attempt to steal Minecraft credentials and send them to various Hotmail accounts.
These new threats are relatively low in severity, with the Minecraft one being quite specific for those who play the Minecraft game (and who have Java installed), and who furthermore attempt to gain advantages in the game through a promised hack; however, both of these threats will run on a system that has the latest Java versions installed. Unlike the McRAT malware, however, the Minecraft attack does not attempt to exploit the Java Web plug-in and instead only tricks users to download and run the software, so even with a properly managed Java plug-in it will still run.
For this and similar threats in OS X, you can install a reverse firewall such as Little Snitch that will monitor outbound connection attempts and notify you of them. In addition, setting up a monitoring service for the system's LaunchAgent and LaunchDaemon folders will help prevent programs from unknowingly setting up scripts that could have malware running in the background.
Questions? Comments? Have a fix? Post them below or
Be sure to check us out on Twitter and the CNET Mac forums.