A cross-platform Trojan has been intercepted: a web exploit that detects the operating system of a computer and then drops a different version of the Trojan to match, reports F-Secure.
It was first spotted on a Colombian transport website that had been hacked. The malware is known as GetShell.A and requires users to approve a Java applet installation.
Once it detects the operating system you are running, it downloads the corresponding payload for your platform, be it Windows, Mac OS X or Linux. The malicious files developed for each OS connect to the same command-and-control server, which F-Secure has located at IP address 220.127.116.11 (don't bother tracing it, it is VPNized).
Karmina Aquino, a senior analyst with F-Secure, said, “All three files for the three different platforms behave the same way. They all connect to 18.104.22.168 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively.”
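For defenders, the port-per-platform behaviour described above can be turned into a simple log check. The following is an added example, not code from F-Secure or the original post: it scans firewall logs for connections to either address printed above and uses the destination port to infer which payload variant a host is running. The log layout, the function name `find_c2_contacts` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators from the article: both C2 addresses as printed, and the
# per-platform ports from the F-Secure quote.
C2_ADDRESSES = {"220.127.116.11", "18.104.22.168"}
PORT_TO_PLATFORM = {8080: "Mac OS X", 8081: "Linux", 8082: "Windows"}

# Assumed (hypothetical) key=value firewall log layout.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
2000-01-01T09:00:01Z src=10.0.0.5 dst=18.104.22.168 dport=8082 action=allow
2000-01-01T09:00:07Z src=10.0.0.9 dst=198.51.100.20 dport=8080 action=allow
2000-01-01T09:01:12Z src=10.0.0.7 dst=220.127.116.11 dport=8081 action=deny
2000-01-01T09:02:30Z src=10.0.0.5 dst=18.104.22.168 dport=8082 action=allow
2000-01-01T09:03:00Z src=10.0.0.8 dst=18.104.22.168 dport=443 action=allow
malformed line without fields
"""


def find_c2_contacts(log_text):
    """Group connections to the listed C2 addresses by internal source host."""
    hits = defaultdict(lambda: {"platforms": set(), "other_ports": set(),
                                "allowed": 0, "denied": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dst"] not in C2_ADDRESSES:
            continue  # malformed line, or traffic to some other destination
        entry = hits[m["src"]]
        port = int(m["dport"])
        if port in PORT_TO_PLATFORM:
            # The port indicates which payload variant is likely running.
            entry["platforms"].add(PORT_TO_PLATFORM[port])
        else:
            # Contact with the C2 on an unlisted port still needs review.
            entry["other_ports"].add(port)
        entry["allowed" if m["action"] == "allow" else "denied"] += 1
    return dict(hits)


if __name__ == "__main__":
    for host, info in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        print(host, info)
```

Hosts with a non-zero `allowed` count reached the server and should be prioritised; the port alone is not an indicator, as the 10.0.0.9 line to an unrelated destination on 8080 shows.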
The DNetWorks Team