Quimitchin Mac Malware Goes Undercover To Spy On Scientific Community

It appears that the first Mac malware discovery of 2017 belongs to "Quimitchin", a strange little find that targets, of all things, scientific research. What makes it strange is that it relies on system calls that have long been deprecated, or at least have not been relevant for years. It is also not designed to wreak havoc, but rather to act as an effective spy.

Quimitchin was discovered by an IT admin who noticed that one particular Mac was generating more network activity than usual. With help from Malwarebytes, the culprit was identified, and its nickname was born.
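The tip-off in this case was a single machine talking more than its peers. The following is an added example, not code from the article or from Malwarebytes, of how a defender might turn that observation into a repeatable check: total outbound bytes per host from flow records and flag hosts that sit far above the fleet's median. The flow lines, host names and field layout are constructed sample data, not a real log format.

```python
"""
Added example (not from the article or Malwarebytes): flag hosts whose
outbound traffic volume is unusually high relative to their peers, the
kind of signal the IT admin in the story acted on.
"""
from collections import defaultdict
from statistics import median

# Constructed sample flow log: "src_host,dst_ip,dst_port,bytes_out".
# Addresses are from documentation ranges; the field order is an assumption.
SAMPLE_FLOWS = """\
lab-mac-01,203.0.113.10,443,18250
lab-mac-02,203.0.113.10,443,20310
lab-mac-03,203.0.113.11,443,17900
lab-mac-04,203.0.113.12,80,22100
lab-mac-05,203.0.113.10,443,19870
lab-mac-06,198.51.100.7,443,2400000
lab-mac-06,198.51.100.7,443,2650000
lab-mac-06,198.51.100.7,443,2380000
lab-mac-07,203.0.113.13,443,21000
lab-mac-08,203.0.113.10,443,18800
"""


def parse_flows(text):
    """Parse CSV-style flow lines into (src_host, dst_ip, dst_port, bytes_out)."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, nbytes = line.split(",")
        flows.append((src, dst, int(port), int(nbytes)))
    return flows


def bytes_per_host(flows):
    """Sum outbound bytes by source host."""
    totals = defaultdict(int)
    for src, _dst, _port, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)


def top_destination(flows, host):
    """Return the (dst_ip, dst_port) that received the most bytes from host."""
    per_dst = defaultdict(int)
    for src, dst, port, nbytes in flows:
        if src == host:
            per_dst[(dst, port)] += nbytes
    return max(per_dst, key=per_dst.get) if per_dst else None


def flag_outliers(totals, k=5.0):
    """Return hosts whose outbound total exceeds median + k * MAD.

    Median absolute deviation is used instead of the standard deviation:
    one very chatty host would inflate a stddev-based threshold and hide
    itself, whereas the median and MAD are barely moved by a single outlier.
    """
    values = list(totals.values())
    if len(values) < 3:
        return {}  # too few hosts to define "normal"
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        mad = 1  # degenerate case: every host sent the same amount
    threshold = med + k * mad
    return {h: t for h, t in totals.items() if t > threshold}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    totals = bytes_per_host(flows)
    for host, total in flag_outliers(totals).items():
        print(f"{host}: {total} bytes out, mostly to {top_destination(flows, host)}")
```

On the sample data only `lab-mac-06` crosses the threshold, and `top_destination` gives the analyst the first pivot (where the traffic went) before anyone touches the machine. The multiplier `k` is a tuning knob; on a real fleet you would baseline it over several days rather than one window.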

This malware consists of three main components: a Mac binary, a Perl script, and a Java class bundled with it. Ultimately, Quimitchin does not set out to destroy data - a very good thing - but it does aim to expose essentially everything done on the infected computer. If screenshots don't freak you out, it gets better: the malware also enables webcam access, so you can be spied on as you go about your work.


As mentioned above, this malware has a strange design in that it includes system calls that have not been used for ages. In particular, it contains libjpeg code that has not been updated since 1998. Interestingly, the code also includes Linux shell commands, and after further research Malwarebytes found that it could in fact infect a Linux system as well, with the caveat that one of its components fails to run there.

Although Quimitchin was only just discovered, there are indications that it has existed for some time. While anyone reading this is unlikely to be a target of this malware, if you use Malwarebytes or another leading antivirus/anti-malware product, Quimitchin should be detected immediately going forward.


Via: SecurityWeek