The Russian antivirus firm has intercepted the malicious piece of code and has categorized it as a password-stealing Trojan. Dr.Web is the same company that carried out much of the analysis of the Flashback malware.
Once installed, the Trojan, dubbed BackDoor.Wirenet.1 [in Russian], starts capturing key presses and information typed by victims. The Wirenet.1 Trojan also grabs passwords submitted to browsers such as Opera, Firefox and Chrome, as well as credentials stored in several applications such as Thunderbird, SeaMonkey and the chat app Pidgin. The Trojan then attempts to connect to a server hosted somewhere in the Netherlands and tries to upload the harvested data.
This particular malware is definitely not the first known to infect multiple platforms: Crisis, which was discovered earlier, is known to infect Windows, Linux and Mac OS X as well as virtual machines.
The researchers are still trying to figure out how the Trojan spreads. “It’s not clear yet how the Trojan, which was added to the Dr.Web virus database as BackDoor.Wirenet.1, spreads,” notes Dr.Web’s site.