Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match.The attack was first seen on a Columbian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation.
It detects if you’re running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 220.127.116.11.
Karmina Aquino, a senior analyst with F-Secure said “All three files for the three different platforms behave the same way. They all connect to 18.104.22.168 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively.”
On upcoming 29th…