Wirenet

A cross platform malware affected not only macOS but also Windows and Linux operating systems. Wirenet, a trojan that opens a backdoor on an infected machine, is also able to take screenshots and collect users keystrokes and additional data from the system and send it to attacker’s server.The malware steals user’s data and passwords for different programs such as browsers (Opera, Firefox, and Chrome) and other popular internet applications such as Thunderbird and SeaMonkkey.

The malware installs itself in the folder %home%/WIFIADAPT.app to communicate with its C&C and encrypts the data using AES encryption algorithm.

Source: Dr.WEB

Links:

The first Trojan in history to steal Linux and Mac OS X passwords
Wirenet: The Password-Stealing Trojan Lands on Linux and OS X

Samples:
c520e9099bfc695b54662bdb7e8fa5b2800a72e9
c36f0943484ce8f8aba2d649aae2ad1243947c4e
1f0a890b3ac0daf93e6de8f7e93559355780ba84

Share this: