What is the Weyland-Yutani crime kit?
Published May 22nd, 2011 at 1:51 PM EDT, modified March 5th, 2013 at 2:20 PM EDT
I saw the news about the Weyland-Yutani crime kit when it first appeared on May 2, discussed on blogs by Peter Kruse of CSIS and Brian Krebs of Krebs on Security. At the time, I thought it was interesting, but it wasn’t an immediate concern. There were bigger fish to fry, as well, since the news coincided with the first appearance of MacDefender. However, I’ve encountered a few folks just now learning about it and becoming concerned. The question is, is that concern warranted?
To begin with, let’s look at what this “Weyland-Yutani” thing is. Peter Kruse and Brian Krebs covered it pretty well on their blogs, but just to simplify and condense it, Weyland-Yutani is what is called a crime kit. A crime kit is not a virus or a trojan horse or any other kind of malware. It is a hacker tool designed to help build malware. It can create Mac trojans that are capable of capturing form input from certain web browsers (Firefox and maybe Chrome, but not Safari yet, as of the news on May 2). This means that a trojan built with Weyland-Yutani, once installed on your Mac, would be capable of capturing, for example, your bank site username and password, and transmitting that information back to the hacker.
We don’t really need to talk too much about why this is bad. It’s pretty obvious. Especially bad is the fact that, despite such things having been available in the Windows world for some time, this is the first time such a crime kit has been released for the Mac. In addition, it apparently allows code written for Windows malware using a couple of Windows crime kits to be reused with minimal modifications on the Mac. It makes sense, given all this, that people should be worried.
However, we also need to keep a few other things in mind. First, of course, is that this crime kit does not somehow magically create a way to get the malware installed on your machine. The same rules still apply: you can only be infected with a trojan if you can be tricked into installing the malware. Of course, many people were tricked into installing MacDefender, MacSecurity and MacProtector, and more are doing so every day despite all the online news. So this requirement is not something to be dismissed completely.
Second, no malware has actually been created with Weyland-Yutani at this point, as far as I know. Whether it ever will be, I don’t know. It’s possible that Weyland-Yutani will open up the Mac world to a whole new world of trojans like MacProtector and its predecessors. It’s also possible that nobody will be willing to pay the author the $1,000 he wants, and Weyland-Yutani will fade into obscurity. There’s no way to know at this point if or when a new Mac trojan will be created using this tool, but for now, there’s nothing to fear.
Finally, it is important to understand that this does not really change the game very much. It has always been possible for hackers to create trojans, and creating one that can collect data from web forms on the user’s machine is nothing new. Admittedly, this kit may lower the knowledge bar a bit, allowing people with little programming experience to create a trojan. However, the trojan itself is not the most sophisticated part of a malware outbreak like what was seen with MacProtector. The MacProtector trojan has been such a success not because the trojan is sophisticated (it is not), but because the exploits used to distribute it and convince users to install it are. MacProtector keeps jumping from server to server, making it a moving target that is difficult for security software and blacklists to block. It also takes a lot of skill to employ the SEO poisoning that gets those sites loaded in people’s browsers. And these things require significant resources (in terms of hacked servers). In this regard, as far as I’m aware, Weyland-Yutani is of no use.
In the end, Weyland-Yutani is not a threat to anyone, and never will be. It is possible that, in the future, the trojans created with it might become a problem. However, just as with every trojan that exists today, a bit of caution will go a long way towards avoiding future trojans. Don’t allow anything to install if you don’t remember downloading it or if you don’t know exactly what it is. Don’t install anything sent to you by a friend until you have verified that the friend actually sent it. Don’t fall for scams that threaten dire consequences if you don’t act right now to fix a problem you didn’t know you had. With such caution, it will be very difficult for you to become a victim in the future, regardless of how the trojan is made.