The Mac backdoor known as NetWeirdRC is reportedly selling on the black market for $60, reflecting growing interest in the Mac platform from cybercriminals.
NetWeird has been found to affect OS X (versions 10.6 and higher), Windows, Linux and Solaris. Much like OSX/Crisis, it is a commercial remote access tool that was leaked to VirusTotal.
"While OSX/Crisis is an advanced threat which hides itself reasonably well, OSX/NetWeirdRC has a number of glaring issues. Perhaps the price tag tells us all we need to know: OSX/Crisis sells for €200,000, and OSX/NetWeirdRC starts at $60," Intego researchers said.
Cybercriminals are selling this malware for $60 because of its poor performance. According to Intego researchers, the malware is not persistent: perhaps due to a bug, it does not restart after a reboot and will lie dormant unless it is manually restarted or removed.
It does add itself to the login items, but this does not succeed in restarting the malware; it will only open the user’s home folder at login instead.
Once it infects the system, it connects to 212.7.208.65 on port 4141 and awaits instructions. VirusBarrier's firewall raises an alert on this connection attempt.
The backdoor offers a number of functions for performing actions on the infected machine and spying on its user, including executing commands remotely, grabbing screenshots, gathering system info and programs, and stealing passwords.
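A host-side check for the controller connection the article describes, as an added example that is not part of the original article: it parses `lsof -nP -iTCP` output and reports which processes are talking to 212.7.208.65 on port 4141. The sample output, the process names in it and the function name `find_c2_connections` are constructed for illustration.

```python
import re

# Indicator taken from the article: controller address and port.
C2_HOST = "212.7.208.65"
C2_PORT = 4141

# Constructed sample of `lsof -nP -iTCP` output (not captured from a real host;
# process names, PIDs and device values are made up).
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Safari    412 alice  12u  IPv4 0x1a2b3c4d5e6f7081      0t0  TCP 192.168.1.20:49712->93.184.216.34:443 (ESTABLISHED)
updater   977 alice   5u  IPv4 0x1a2b3c4d5e6f7082      0t0  TCP 192.168.1.20:49730->212.7.208.65:4141 (SYN_SENT)
updater   977 alice   6u  IPv4 0x1a2b3c4d5e6f7083      0t0  TCP 192.168.1.20:49731->212.7.208.65:4141 (ESTABLISHED)
httpd     120 root    4u  IPv4 0x1a2b3c4d5e6f7084      0t0  TCP *:4141 (LISTEN)
mail      530 alice   9u  IPv4 0x1a2b3c4d5e6f7085      0t0  TCP 192.168.1.20:49733->212.7.208.65:443 (ESTABLISHED)
"""

# NAME column of a connected socket: local_addr:port->remote_addr:port
NAME_RE = re.compile(r"^(?P<local>\S+)->(?P<rhost>\S+):(?P<rport>\d+)$")


def find_c2_connections(lsof_text, host=C2_HOST, port=C2_PORT):
    """Return one record per socket whose remote end is host:port."""
    hits = []
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[0] == "COMMAND":
            continue  # header or malformed line
        match = NAME_RE.match(fields[8])
        if not match:
            continue  # listening socket: no remote endpoint
        # Require both address and port, so a local listener on 4141 or
        # unrelated traffic to the same address is not reported.
        if match["rhost"] == host and int(match["rport"]) == port:
            state = fields[9].strip("()") if len(fields) > 9 else ""
            hits.append({"command": fields[0], "pid": int(fields[1]),
                         "user": fields[2], "state": state})
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LSOF):
        print(hit)
```

Sockets in `SYN_SENT` are reported as well, since a connection attempt blocked by a firewall never reaches `ESTABLISHED`.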