New Mac Malware: OSX/Crisis!

A growing number of Mac users have developed a twitch. Though we certainly don’t have the problems inherent to Windows, and nowhere near that level of anxiety, malware is increasingly a problem, and the OSX/Crisis trojan is just the latest malevolent cloud to appear on the horizon.
Those bellwethers of bane at Intego have discovered new Mac malware, the OSX/Crisis trojan. The punchline with this malware is that it can infect without any user interaction and inherits whatever privileges the user has.
For example, if OSX/Crisis infects a Mac running in admin mode, it gains those privileges. It’s believed that this trojan affects the two most commonly used versions of OS X, Snow Leopard (10.6) and Lion (10.7).
“Overall while this is a new threat for OS X with some unique features, unlike others it has not been found on any OS X machines,” writes MacFixIt’s Topher Kessler. “Its distribution is therefore very low if nonexistent at the moment, and malware definitions for it should soon be available to malware scanning tools so be sure to keep them updated if you have one installed.”
That’s right, as of now, neither Intego nor anyone else has discovered the Crisis trojan in the wild, which is another way of saying no one’s ever been infected let alone affected.
How do I detect the Crisis trojan?
With or without Admin permissions, this folder is created:
/Library/ScriptingAdditions/appleHID/
Only with Admin permissions, this folder is created:
/System/Library/Frameworks/Foundation.framework/XPCServices/
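A quick way to check for both folders from Terminal, as an added example that is not from Intego or the original post. The function names and the optional ROOT prefix (for pointing the check at a mounted backup volume) are assumptions; the two paths are the ones listed above.

```shell
#!/bin/sh
# Indicator folders exactly as listed in the article.
CRISIS_ANY="/Library/ScriptingAdditions/appleHID"
CRISIS_ADMIN="/System/Library/Frameworks/Foundation.framework/XPCServices"

# crisis_status [ROOT]
# ROOT is an optional path prefix (assumption: e.g. a mounted backup volume);
# empty means the running system. Prints exactly one word:
#   not-found    neither folder exists
#   user-level   only the appleHID folder exists
#   admin-level  the XPCServices folder exists (created only with admin rights)
crisis_status() {
    root="${1:-}"
    root="${root%/}"            # tolerate a trailing slash on ROOT
    any=no
    admin=no
    if [ -d "${root}${CRISIS_ANY}" ]; then any=yes; fi
    if [ -d "${root}${CRISIS_ADMIN}" ]; then admin=yes; fi
    if [ "$admin" = yes ]; then
        echo "admin-level"
    elif [ "$any" = yes ]; then
        echo "user-level"
    else
        echo "not-found"
    fi
}

# crisis_report [ROOT]: human-readable summary of the same check.
crisis_report() {
    root="${1:-}"
    root="${root%/}"
    case "$(crisis_status "$root")" in
        admin-level)
            echo "Found ${root}${CRISIS_ADMIN} (admin-rights folder)." ;;
        user-level)
            echo "Found ${root}${CRISIS_ANY} (no admin-rights folder)." ;;
        *)
            echo "Neither OSX/Crisis folder is present under ${root:-/}." ;;
    esac
}

# A hit is a lead to inspect, not a confirmed infection.
crisis_report "${1:-}"
```

Run it with no argument to check the running system, or pass a volume path such as a mounted backup to check that copy instead.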
Once a system is infected, OSX/Crisis opens a backdoor, contacts a C&C (command and control) server and awaits instructions. Again, this trojan hasn’t been spotted in the wild, so transmission method(s) and payload (i.e. what it does) aren’t known.
For what it’s worth, Intego has updated its Mac antivirus app, VirusBarrier X6, to detect and remove Crisis.
One expects that other third-party antivirus vendors, as well as Apple and its XProtect trojan blocker, will soon be updated to detect, block and remove Crisis.