New Crisis Mac trojan targeting Snow Leopard, Lion
Intego has discovered new Mac malware that is able to install itself onto OS X
TechLife | 26 Jul 2012
A new Mac Trojan has been discovered, which is reported to be affecting Snow Leopard and Lion users.
The Trojan, named OSX/Crisis, is a 'dropper' that creates a backdoor when it is run. The malware installs itself silently without the need for a password, and cannot be removed by a system restart.
It is not yet clear how the malware functions, but security firm Intego - which discovered the malware - assured users that researchers have not yet spotted it in the wild.
OSX/Crisis creates a number of local folders to complete its tasks, said Intego. "Many of these are randomly named, but there are some that are consistent," such as Library/ScriptingAdditions/appleHID/.
"The backdoor component calls home to the IP address 22.214.171.124 every five minutes, awaiting instructions," Intego's report read. "The file is created in a way that is intended to make reverse engineering tools more difficult to use when analysing the file. This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware."
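A fixed five-minute check-in like the one described above shows up in outbound connection logs as a destination contacted at regular intervals. The following detection sketch is an added example, not part of the article or of Intego's report; the log format, the function name `find_beacons` and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed records, "timestamp dest-ip"; not captured traffic. 22.214.171.124
# is the address as printed in the article, the others are documentation ranges.
SAMPLE_LOG = """\
2012-07-26T09:00:00 192.0.2.5
2012-07-26T09:00:02 22.214.171.124
2012-07-26T09:01:00 192.0.2.5
2012-07-26T09:01:40 203.0.113.10
2012-07-26T09:02:10 203.0.113.10
2012-07-26T09:05:01 22.214.171.124
garbled line
2012-07-26T09:10:00 192.0.2.5
2012-07-26T09:10:03 22.214.171.124
2012-07-26T09:11:00 192.0.2.5
2012-07-26T09:15:04 22.214.171.124
2012-07-26T09:17:30 203.0.113.10
2012-07-26T09:20:00 192.0.2.5
2012-07-26T09:20:02 22.214.171.124
2012-07-26T09:24:00 203.0.113.10
"""

def find_beacons(log, period=300.0, tolerance=15.0, min_events=4):
    """Map each destination contacted every ~period seconds to (mean gap, jitter)."""
    seen = defaultdict(list)
    for line in log.splitlines():
        fields = line.split()
        try:
            ts, dest = datetime.fromisoformat(fields[0]), fields[1]
        except (IndexError, ValueError):
            continue  # skip malformed records instead of aborting the scan
        seen[dest].append(ts)
    hits = {}
    for dest, times in seen.items():
        if len(times) < min_events:
            continue  # too few contacts to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        # Require low spread as well: bursty traffic can also average ~period.
        if abs(avg - period) <= tolerance and jitter <= tolerance:
            hits[dest] = (round(avg, 1), round(jitter, 1))
    return hits

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

In the sample, 192.0.2.5 also averages 300 seconds between contacts but alternates 60- and 540-second gaps, so only the jitter check keeps it out of the result.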
The Crisis trojan is the latest malware in the rapidly increasing list of such attacks targeting Mac OS X.
IDG News Service