Intego Uncovers New Mac OS X Trojan

Intego researchers recently uncovered new Mac malware, which the security firm has called OSX/Crisis.

“Crisis will impact machines differently depending on user rights,” writes Threatpost’s Brian Donohue. “For individuals with administrative permissions, it is dropping a rootkit to conceal itself as well as a number of files and folders to carry out its various functions. OSX/Crisis creates 17 files for users with admin-permissions and 14 for those without.”

“Once installed, OS/X Crisis calls home to IP address every five minutes, presumably to await instructions,” writes VentureBeat’s John Koetsier. “That IP address may change over time, as malware authors often build in features resistant to simple blocking.”

“Additionally, the backdoor file with this functionality has been coded in such a way that reverse engineering tools won’t work as well when analyzing the file — a technique called anti-analysis which is commonly seen in Windows malware, yet almost unheard of in OS X malware,” writes LAPTOP Magazine’s Davey Alba.

“This malware is the latest example of cyber criminals turning their attention to the Mac platform, which now has enough users that it is worth the time and effort it takes to write malware for it,” notes Computer Business Review’s Steve Evans.

“The threat has not appeared in the wild, but its complexity and use of clever infection techniques point to possible infections in future,” writes The Register’s John Leyden.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
