
Macs Targeted by New “Crimekit”

The Danish security firm CSIS is reporting that they have uncovered evidence of a new “crimekit” called “Weyland-Yutani BOT” that criminals can use to make malware designed to steal information and access credentials (such as for online banking sites). At the moment, Weyland-Yutani supports “web injects” and “form grabbing” in Firefox, with support for Safari and Google Chrome on the way. These techniques enable the attackers to defeat online banking security tokens and capture login information entered into forms. CSIS also reports that while Weyland-Yutani targets Mac OS X currently, iPad and Linux versions are planned.

Most coverage of Weyland-Yutani has focused on the fact that its appearance means that Apple’s star has now risen high enough to attract the attention of malware authors. That could be, since most malware today is created for the express purpose of making money, and Apple’s user base (particularly once you bring in iOS devices) is now large enough that targeting Apple users may be worth the investment for online criminals. We’ll find out, since Weyland-Yutani itself costs around $1,000. So the real question is whether Weyland-Yutani will turn out to be a commercial success or a flop.

What does this mean for normal Mac users? For the moment, only that you really do want to stay up to date with security updates to Mac OS X and Web browsers. If criminals were to start using Weyland-Yutani to create truly unpleasant malware targeting Mac OS X, the anti-malware market on the Mac would certainly heat up.

But for the moment, just be sure to install security updates, be careful opening email attachments that could contain code, and stay away from dodgy Web sites pushing pirated software, gambling, and porn. Oh, and keep reading TidBITS for news of changes in the security landscape. In other words, use your common sense, since the Internet simply isn’t an entirely safe place and hasn’t been for years.



Comments about Macs Targeted by New “Crimekit”

Lawrence  2011-05-02 21:45
You don't say how this "crimekit" gets installed on a Mac. Is it by visiting a malicious website, phishing, email, what?
Adam Engst (TidBITS Staffer)  2011-05-03 02:07
It doesn't get installed - it's for creating malware that would be installed via trojan horse or virus or whatever. That's what's sort of funny about this story - it's essentially about a development tool for online criminals.
David Weintraub  2011-05-03 13:52
So, they're selling this package to people who are willing to do criminal activity? And if someone obtains this software and posts it on line, exactly what is the company who's selling this going to do? Somehow, this isn't the best class of consumers to target for $1000 software packages.

I have a feeling that this itself is a scam.
Adam Engst (TidBITS Staffer)  2011-05-03 14:18
Haven't you ever heard of honor among thieves? :-)

Seriously, this is how the malware world works now. Check out some of the prices in this article by Brian Krebs about other crimekits.
It is how some malware works; on the other hand, there are kits developed for research purposes that can be used for bad purposes to create malware, and these are free. Anyway, it is ironic that for many years many in the hacker and security community have used Macs but now there is the first *commercial* crimeware kit.