Most online security advocates place emphasis on DDoS, malware, viruses, ransomware and APT attacks, but give only passing attention to the dangers of cross-platform vulnerabilities. However, there has recently been a rise in the number of hackers writing the same exploit code for different platforms, as they consider it smart business.

Cross-platform malware can also be 'tuned' to target specific users or networks. In the first quarter of 2013, it was reported that a Trojan infected Macs and Windows machines through a Java browser plug-in vulnerability. It was distributed across some developer sites. Because the malware was selective about its targets, it was hard for security researchers to discover how it worked.

How a cross-platform threat works

The malware makes use of a vulnerability in software that is compatible with different platforms, for example Java. It then downloads malicious code onto the computer, which opens a backdoor for a Trojan written in C++.

The same Trojan is written for both the Mac and Windows platforms. The backdoor gives hackers frequent access to write code, run commands, steal data and upload files on a victim's computer. The same server hosts both Trojans, and hackers are able to do most of the damage without the user's knowledge.

The Trojan installed on both platforms receives commands from a central server at polling intervals, which helps it avoid detection by an IDS. Common antivirus programs only keep a check on the front door, and aren't able to detect vulnerabilities knocking on the backdoor.
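Polling on a schedule is quiet for signature-based inspection, but it leaves a timing pattern in connection logs. The sketch below is an added example, not part of the original article: it flags source/destination pairs whose connection intervals are nearly constant. The log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

def find_beacons(log_lines, min_events=6, max_cv=0.1):
    """Return {(src, dst): (mean_interval_s, cv)} for pairs whose gaps
    between connections are nearly constant (polling-like)."""
    times = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        times[(parts[1], parts[2])].append(ts)

    flagged = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean  # coefficient of variation
        if cv <= max_cv:
            flagged[pair] = (round(mean, 1), round(cv, 3))
    return flagged

# Constructed sample data (assumed format: "<ISO time> <source> <destination>"):
# ws-014 polls roughly every 5 minutes, ws-022 browses at irregular times.
_start = datetime(2013, 4, 2, 9, 0, 0)
_poll = [0, 301, 600, 898, 1200, 1502, 1800, 2099]
_browse = [0, 12, 95, 700, 720, 1900, 1930, 3400]
SAMPLE_LOG = (
    [f"{(_start + timedelta(seconds=s)).isoformat()} ws-014 c2.example.test" for s in _poll]
    + [f"{(_start + timedelta(seconds=s)).isoformat()} ws-022 news.example.test" for s in _browse]
    + ["garbled line without three fields here"]
)

if __name__ == "__main__":
    for (src, dst), (mean, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every ~{mean}s (cv={cv})")
```

Legitimate update checkers also poll on a schedule, so flagged pairs are candidates for review against known-good destinations rather than verdicts.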

A popular example of cross-platform malware is GetShell. It can infect Macs and Windows machines, and can also detect Java-based loopholes in Linux. The malware can also affect computers running unpatched software versions, as they are susceptible to Trojans.

Genuine antivirus software can protect against the vulnerability, as it is backed by individuals researching Java and other cross-platform languages. Most such software also protects against neutral backends that sneak through the backdoor. Users are also advised to install Java plugin updates as soon as they become available and to use patched versions of software.

NQ Mobile researchers also discovered malware that attacks a cache-cleaning Android app and becomes active when the device is being synced with the computer. The threat can give access to sensitive data and even keystrokes. Furthermore, the Trojan can infect all hard disk extensions and drives (flash-based or mapped network). The compromised data is sent to global locations in Brazil, Russia or Ukraine.

The cybercriminals behind the attacks are leveraging the Auto Run feature on Windows. Although the attack won't succeed on Windows 8 and 7, because Auto Run is toggled off by default (provided that users haven't changed the setting), Windows Vista and XP are vulnerable.

The Crisis Trojan was also able to affect both Windows and Mac OS X. Its first version was used to spy on IM conversations and email threads. The intriguing aspect of this malware is that it was created for multiple platforms: it pretends to be a normal Flash installer in order to identify the OS on the system before deploying the appropriate Trojan version. There's also a version of Crisis that breeds on VMware images stored on systems.

The trend is still young, but it is a key attraction for hackers because it offers them 'economies of scale'. It is therefore important to regularly update plugins, software and so on to minimize cross-platform vulnerabilities.