Dirt cheap Mac malware points up growing threat to Apple users

The Apple zombie malware NetWeird is reportedly selling on the black market for as little as $60, reflecting growing interest in the Mac platform from cyber criminals.

French anti-virus outfit Intego, which specialises in Macs and other Apple systems, reported finding the malware on a number of cyber black markets on Wednesday.

Before NetWeird, numerous vendors, including F-Secure and Microsoft's Trustworthy Computing division, had reported observing a marked increase in the number of automated exploit kits and malware samples available for sale online.

The surprise here, however, is the malware's low $60 price tag, when compare with other samples selling for several thousands of dollars.

"Perhaps the price tag tells us all we need to know: OSX/Crisis sells for €200,000, and OSX/NetWeirdRC starts at $60," wrote and Intego.

"The website for the developers of OSX/NetWeirdRC also lists the undetected nature of this tool as a selling point. It would seem that you get what you pay for, even in the malware world."

NetWeird was uncovered targeting the Apple Mac operating system earlier in August. It works by installing itself into the user's home directory as an application bundle called WIFIADAPT.app.app.

The malware is designed to operate as a bot, letting its controller run processes on infected machines without the owner's knowledge or consent.

This means that the remote attacker can carry out actions such as taking screenshots, extract files and attempt to steal passwords by searching through data stored by web browsers and email clients like Opera, Firefox, SeaMonkey and Thunderbird.

NetWeird is listed as being an incredibly basic, ineffective bot and as a result many security experts have been more concerned about its strategic implications, citing it as further proof that criminals' interest in the Apple ecosystem is increasing.

"It adds itself to your login items, presumably with the intention of loading up every time you reboot your Mac. But a bug means that it adds itself as a folder, not an application. All that happens when you log back in is that Finder pops up and displays your home directory," wrote Sophos researcher, Paul Ducklin.

"Crooks really are getting into the habit of churning out new Mac malware, not to show how clever they are, but merely to see if they can repeat the trick that's worked on Windows for years: making money out of next to nothing. Those who remember the past often choose to repeat it, especially if there's money to be made."

Before NetWeird's appearance, Kaspersky researcher David Emm issued a similar warning regarding criminals' increased interest in Apple's Mac OS during an exclusive interview with V3.