Wirenet Backdoor

Wirenet is a backdoor threat that has been in use for quite a while. Researchers first noticed Wirenet back in 2012, and it is believed to be the first cross-platform backdoor Trojan that can affect Windows, macOS, and Linux devices. The exact behavior of the threat depends on which system it has infiltrated but, as a whole, it is a fully-fledged Trojan that can cause tremendous damage if left unchecked.

Threatening Capabilities

Once established inside the victim's device, Wirenet will try to collect various sensitive information, such as account credentials. On Linux, the targeted applications include Mozilla products (Firefox, Thunderbird, SeaMonkey), in addition to Chrome, Opera and Pidgin. If Wirenet is running on a Windows device, it can also collect data from Internet Explorer and Microsoft Live accounts. The fewest affected applications are on macOS, where the threat goes after Mozilla and Opera products only. To further expand its information-stealing functionality, Wirenet also runs a key-logging routine on Windows and Linux systems.

On all systems, the threat can receive commands from its Command-and-Control server. The attackers can instruct their malicious tool to run or kill specific processes, manipulate the file system, deliver additional malware payloads, and much more.

The last aspect of Wirenet involves binding a shell to create a backdoor channel for remote access. It can do so on all three platforms, while on Windows and Linux specifically, the threat can also act as a SOCKS4/5 proxy server.
