Researchers at SecureList have found a new family of backdoors for Linux and Windows.
The Linux malware, called DropboxCache and detected as Backdoor.Linux.Mokes.a, is packed with the Ultimate Packer for Executables (UPX) and can capture audio and take screenshots. Once running, it copies itself to other locations on the system and connects to a command and control (C&C) server, to which the captured data is uploaded and stored.
The Windows backdoor SecureList found is OLMyJuxM.exe, detected as Backdoor.Win32.Mokes.imv, and targets the 32-bit version of the operating system. On execution it installs itself in one of nine locations under %AppData% and creates the registry keys it needs to persist across reboots. Its keylogger then starts, and it also monitors mouse input; the captured data is uploaded to the C&C server.
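Both variants described above are UPX-packed, so a quick triage check on a suspicious file is whether it carries the fingerprints of stock UPX output. The script below is an added example, not code from SecureList or from this article: it parses the ELF and PE headers with the standard library, looks for the `UPX!` pack-header marker, and applies two format-specific heuristics (an ELF with no section header table, a PE whose sections are named `UPX0`/`UPX1`). The function names and the four sample blobs are my own constructions, built in the script so it runs offline; they are not real Mokes samples.

```python
import struct

# Marker of UPX's pack header; stock UPX leaves it in both ELF and PE output.
UPX_MARKER = b"UPX!"
# Section names stock UPX gives a packed PE.
UPX_PE_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}


def elf_header(data):
    """Parse an ELF header. Returns the fields we need as a dict, or None if not ELF."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]
    endian = {1: "<", 2: ">"}.get(ei_data)
    if endian is None:
        return None
    if ei_class == 2:            # ELF64: e_entry/e_phoff/e_shoff are 8 bytes
        fmt = endian + "HHIQQQIHHHHHH"
    elif ei_class == 1:          # ELF32: they are 4 bytes
        fmt = endian + "HHIIIIIHHHHHH"
    else:
        return None
    size = struct.calcsize(fmt)
    if len(data) < 16 + size:
        return None
    f = struct.unpack(fmt, data[16:16 + size])
    # f = (e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    #      e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx)
    return {"bits": 32 * ei_class, "e_shoff": f[5], "e_phnum": f[9], "e_shnum": f[11]}


def pe_section_names(data):
    """Return the section names of a PE file, or None if the blob is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        return None
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    names = []
    for i in range(nsections):
        off = table + 40 * i         # IMAGE_SECTION_HEADER is 40 bytes; the name is its first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data):
    """Return the reasons the blob looks UPX-packed; an empty list means no evidence found."""
    reasons = []
    if UPX_MARKER in data:
        reasons.append("UPX! pack-header marker present")
    elf = elf_header(data)
    if elf is not None and elf["e_shnum"] == 0 and elf["e_shoff"] == 0:
        # UPX drops the section header table; ordinary toolchain output keeps one even after strip.
        reasons.append("ELF%d with no section header table" % elf["bits"])
    names = pe_section_names(data)
    if names:
        hits = sorted(n.decode("ascii") for n in names if n in UPX_PE_SECTIONS)
        if hits:
            reasons.append("PE sections named " + ", ".join(hits))
    return reasons


# ---- constructed stand-ins for testing (not real samples) -------------------

def _elf64(e_shoff, e_shnum, e_shstrndx):
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8             # 64-bit, little-endian
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64,
                               e_shoff, 0, 64, 56, 2, 64, e_shnum, e_shstrndx)


def _pe(section_names):
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                      # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + table


PACKED_ELF = _elf64(0, 0, 0) + b"\0" * 32 + UPX_MARKER + b"\x0d\x16\x0c\x08" + b"\xaa" * 64
PLAIN_ELF = _elf64(0x1000, 29, 28) + b"\0" * 64
PACKED_PE = _pe([b"UPX0", b"UPX1", b".rsrc"]) + b"\xaa" * 16 + UPX_MARKER
PLAIN_PE = _pe([b".text", b".rdata", b".data"]) + b"\xaa" * 16

if __name__ == "__main__":
    import sys
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, "->", upx_indicators(fh.read()) or "no UPX indicators")
    else:
        for label, blob in [("packed ELF", PACKED_ELF), ("plain ELF", PLAIN_ELF),
                            ("packed PE", PACKED_PE), ("plain PE", PLAIN_PE)]:
            print(label, "->", upx_indicators(blob) or "no UPX indicators")
```

Run it with file paths to scan real binaries, or with no arguments to see the constructed samples classified. A hit is a reason to look closer, not a verdict: plenty of legitimate software ships UPX-packed, and a modified packer can scrub the `UPX!` string and rename sections, which is why the missing-section-table check is kept independent of the marker search. When a stock build was used, `upx -d` restores the original binary for analysis.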
SecureList researchers said that, since the malware is written in a platform-independent way, a Mac OS X version is possible in the future.