On January 1st, Malwarebytes discovered the first backdoor of the year targeting OSX systems. The malicious software is not considered sophisticated and uses older code that was first utilized in attacks years ago.
The Quimitchin malware was found by an IT administrator who noticed odd traffic from a computer on the network. Similar malware has been seen in the past targeting biomedical research institutions. It is believed the backdoor could be an espionage tool operated by Russia or China. The script includes code that captures the screen and enables webcam access.
Malwarebytes said in a statement: “The Java class appears to be capable of receiving commands to do various tasks, which include yet another method of capturing the screen, getting the screen size and mouse cursor position, changing the mouse position, simulating mouse clicks, and simulating key presses. This component appears to be intended to provide a kind of rudimentary remote control functionality.”
Quimitchin also uses an open-source library called libjpeg, an antique piece of code that has not been updated since 1998. The researchers believe the malware went undetected for so long because it had only been used in targeted attacks, but it is now widespread.