CSIS is reporting a Crimeware kit is now live which targets Mac OSX and iOS devices. At this time the Weyland-Yutani BOT, named after the evil corporation in the Aliens franchises, targets Firefox and steals form data. The current version is not complete and we expect to see alterations and updates to target other Apple products.

What to do:

• Disable autofill from you browser for any form data.
• Set save history to one day.
• Make sure "Open Safe Files" is deselected in Safari.
• Download files only to the download folder.
• Set Remove Downloads to "When Safari Quits."
• Never do Web Surfing as the Administrator, carry out daily task as a user that does not have administrator privileges.
• Never use Safari on a Mac OSX Server, download files, confirm the hash and then move the file via network assets in your control.
• Install a full featured anti-virus software. (See references below.)

At this time the threat from the kit is very low but that may change going forward. Magmatic customers can request Safari Browser Secure Normal State Document. 

Update on Monday, May 2, 2011 at 04:02PM by Sean OConnell Public

Crimeware kit using Weylan-Yutani Bot can use web injects originally designed for ZeuS and SpyEye. Users should deselect "Auto-Fill" in browsers.

Then check the following and remove all:

• In Safari>Preferences>Auto File select "User Names and passwords"---> Edit and then remove all. 
• In Safari>Preferences>Auto File select "Other"---> Edit and then remove all. 

Mozilla has released an update for Firefox, Sea Monkey and Thunderbird for Mac OSX and other platforms.