Mac malware is an increasing problem for Apple, with researchers saying last week's Mac Defender fake anti-virus program marked a tipping point as hackers target the increasingly popular OSX operating system.
The Danish e-crime researchers said the kit – discovered on underground criminal forums earlier this month – could steal passwords and inject code into websites, and could produce malware similar to that which has recently been used in online banking attacks.
“The kit is being sold under the name Weyland-Yutani BOT and it is the first of its kind to hit the Mac OS platform,” said Peter Kruse on the CSIS company blog. "Apparently, a dedicated iPad and Linux release are under preparation as well."
“The Weyland-Yutani BOT supports web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow - the web injects templates are identical to the ones used in Zeus and Spyeye. “
Details of the kit, which the researchers described as “fully operational”, have not been released, but according to CSIS the DIY tool could represent a real threat to unsuspecting Mac users.
“In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption,” said Kruse.
“CSIS finds this crime kit to be quite disturbing news since MacOS previously to some degree has been spared from the increasing amount of malware which has haunted Windows-based systems for years," he added.
“This could have resulted in a false sense of security that might make Mac OS users especially vulnerable to a sudden and highly sophisticated attack.”
This article originally appeared at pcpro.co.uk