Malware cybercrime toolkit makes it easy to enslave a Mac

The toolkit is said to develop a malware attack using social engineering or similar infection routes and, says security researcher Brian Krebs, even comes with a web-based administration panel that allows the customer to manage and harvest data from infected PCs.

The $1,000 toolkit was discovered by Danish IT security firm CSIS Security Group, which notes that the package is the first to target the Mac OS X platform.

"The seller of this crimeware kit claims his product supports form-grabbing in Firefox and Chrome, and says he plans to develop a Linux version and one for the iPad in the months ahead", says Krebs in his latest security blog.

"The CSIS blog post contains a single screen shot of this kit's bot builder, and references a demo video but doesn't show it", he adds.

Krebs – being Krebs, Infosecurity notes – decided that he would research the software via a Russian language forum where the author was advertising the package.

And, after getting in contact with the author, the security researcher learned that the developer is holding off on the Safari form-grabbing capability for now, owing to problems.

"Still, he was kind enough to share a copy of a video that shows the kit's builder and admin panel in action", says Krebs, adding that the toolkit has been named after the Weyland-Yutani corporation in the Alien movie series.

Interestingly, Krebs claims that the author of the Mac toolkit said he knows of several other independent coders who are working on Mac malcode projects that aren't quite ready.

"Each time this subject comes up, I am struck by how fervently the Mac community denies that Mac users might ever have to deal with anywhere near the level of malware that currently besieges the Windows world", he went on to say.

"The Mac, these apologists explain, is far more secure than Windows, and that is why we have not seen malware writers attack the platform with the same vigour and interest", he added.

The security researcher goes on to note that, as one comment on his blog reasoned, OS X simply doesn't allow programs to be installed without user permission.

"My response is, assuming for the moment that the above statement about the Mac's superior security is true, the operating system does nothing to stop the user from being tricked or cajoled into installing malware", he said.

"What's more, social engineering attacks are one of the primary ways that Windows users get infected today, so why would it be any different for Mac users?", he added.
