The Inquirer-Home

Security researchers find Mac malware dubbed Crisis

Installs silently, creates a backdoor
Wed Jul 25 2012, 11:15

SECURITY RESEARCHERS are warning of malware dubbed "Crisis" that targets Mac OS X systems.

Discovered by security firm Intego, Crisis, which is also known as Morcut, creates a backdoor when it is run, installing silently without requiring a password.

Intego said it had found samples of the malware, but that it had not yet been discovered in the wild and that it works only in Mac OS X versions 10.6 Snow Leopard and 10.7 Lion.

"The Trojan preserves itself against reboots, so it will continue to run until it's removed," Intego said in a post on its blog today. "Depending on whether or not the dropper runs on a user account with Admin permissions, it will install different components."

Intego said that it has not yet seen if or how the threat is installed on a user's system, but suggested that an installer component might try to establish Admin permissions. If this is the case, the firm said the malware will drop a rootkit to hide itself.

"The backdoor component calls home to the IP address every [five] minutes, awaiting instructions," Intego said. "The file is created in a way that is intended to make reverse engineering tools more difficult to use when analysing the file."

Crisis is one of many new samples of malware found by researchers of late that target the Mac OS X operating system. Attacks such as the Flashback Trojan have generated headlines and led to speculation that the operating system is a growing target.

However, it seems Apple has begun to accept that malware targeting its systems is an increasing concern, and is holding its first ever presentation at this year's Black Hat security conference, which is being held in Las Vegas later this week. µ

