The Danish security firm CSIS is reporting that it has uncovered evidence of a new “crimekit” called “Weyland-Yutani BOT” that criminals can use to make malware designed to steal information and access credentials (such as for online banking sites). At the moment, Weyland-Yutani supports “web injects” and “form grabbing” in Firefox, with support for Safari and Google Chrome on the way. These techniques enable the attackers to defeat online banking security tokens and capture login information entered into forms. CSIS also reports that while Weyland-Yutani currently targets Mac OS X, iPad and Linux versions are planned.
Most coverage of Weyland-Yutani has focused on the fact that its appearance means that Apple’s star has now risen high enough to attract the attention of malware authors. That could be, since most malware today is created for the express purpose of making money, and Apple’s user base (particularly once you bring in iOS devices) is now large enough that targeting Apple users may be a worthwhile investment for online criminals. We’ll find out, since Weyland-Yutani itself costs around $1,000. So the real question is whether Weyland-Yutani will turn out to be a commercial success or a flop.
What does this mean for normal Mac users? For the moment, only that you really do want to stay up to date with security updates to Mac OS X and Web browsers. If criminals were to start using Weyland-Yutani to create truly unpleasant malware targeting Mac OS X, the anti-malware market on the Mac would certainly heat up.
But for the moment, just be sure to install security updates, be careful opening email attachments that could contain code, and stay away from dodgy Web sites pushing pirated software, gambling, and porn. Oh, and keep reading TidBITS for news of changes in the security landscape. In other words, use your common sense, since the Internet simply isn’t an entirely safe place and hasn’t been for years.