Quimitchin Mac Malware Goes Undercover To Spy On Scientific Community
Quimitchin was discovered by an IT admin who noticed that one particular Mac was generating far more network traffic than usual. With Malwarebytes' help, the culprit was identified and given its nickname.
The malware has three main components: a Mac binary, a perl script, and a Java class appended to it. Quimitchin does not set out to destroy data (a very good thing), but it does aim to expose essentially everything done on the infected machine. If screenshots don't worry you, it gets worse: the malware also enables webcam access, so you can be watched as you go about your work.
The malware has an oddly dated design, including system calls that have long been obsolete. In particular, it contains libjpeg code that hasn't been updated since 1998. Interestingly, the code also includes Linux shell commands, and on further investigation Malwarebytes found that it can infect a Linux system as well, with the caveat that one of its components (naturally, the Mac binary) fails to run there.
Although Quimitchin was only just discovered, there are indications that it has existed for some time. While anyone reading this is unlikely to be a target of this malware, if you use Malwarebytes or another leading antivirus/anti-malware product, Quimitchin should be detected immediately going forward.