New Mac Trojan Sidesteps User Permissions


A new trojan horse, dubbed Crisis, has been identified by the security company Intego. According to the company, the trojan horse can install itself without requiring any user interaction or account passwords, and attempts to hide itself from virus protection and detection applications.

Intego identifies new Mac trojan

The trojan runs on OS X 10.6 and 10.7, and continues to run after system reboots. If the target Mac also has root access available, Crisis will install additional components designed to hide its presence.

“The file is created in a way that is intended to make reverse engineering tools more difficult when analyzing the file,” said Intego’s Lysa Myers. “This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware.”

Once installed, the malware contacts IP address 176.58.100.37 every five minutes while awaiting instructions.

Intego says the trojan hasn’t been spotted in the wild yet, although it has already updated its VirusBarrier X6 definition files to detect the potential threat.

Crisis is considered a low-level threat, although it’s still a good idea to avoid websites you deem untrustworthy.


11 Comments

Lee Dronick

Intego says the trojan hasn’t been spotted in the wild yet

Where has it been spotted?

gnasher729

According to the company, the trojan horse can install itself without requiring any user interaction or account passwords,

In which case it wouldn’t be a trojan, right? So what is it? Virus or trojan? How do I get it?

Lee Dronick

I followed the link to Intego’s website and found this

“Intego found samples of this malware on the VirusTotal website, a site used by security companies to share malware samples.”

Take a look at the story at Intego, Jeff provided us with a link.

mactoid

“Intego found samples of this malware on the VirusTotal website, a site used by security companies to share malware samples.”

Or perhaps a website used by security companies to spread FUD to sell more security software????

nich

another piece of headline grabbing non-information of something that doesn’t really exist.

Hermboy

another piece of headline grabbing non-information of something that doesn’t really exist.

Agreed, sometimes I think it’s the “security companies” that write the malware!

daemon

another piece of headline grabbing non-information of something that doesn’t really exist.

Yeah… Sure it doesn’t. Do you know what 0-day means?

Lee Dronick

Do you know what 0-day means?

It might be a good idea for you to explain it, not all of the readers here are tech types.

Intego says that this trojan works on OSX 10.7, I wonder if that includes 10.7.4

nich

“Yeah… Sure it doesn’t. Do you know what 0-day means?”
  Actually I do. Do you know what “The sky is falling” means?  I’ve been using both Mac and Windows systems on a pro-dev level since 1988. You know how many actual virus/malware I’ve run into and/or cleaned from other people’s Windows systems, over 30 million(est) virus/spyware/malware in that time. In the same amount of time I’ve had to deal with 3 Mac issues that actually made it into the wild. Until Windows gives up on its big downfall “the Registry file”, these numbers will always be that different from each other.
  Obviously, no computer is invulnerable, it always pays to be smart about web use. I wasn’t really commenting on the info provided in the article, so much as the way it was being presented. Seems like everyone is jumping on the “Mac virus” bandwagon lately, just so they can grab some headlines. This one was too obvious to pass up. I wish the article had provided a little more detail.
  And, I always check Mac Observer for the latest Mac news. Have been for years, and will continue.

nich

I should note, my comments are not directed at Jeff as a writer, nor meant as a critique. I’ve probably read many of his articles, thought they were very good, and never bothered to see who wrote them or even commented.
  Jeff, the fact that you have an article published here, for me to read says a lot. No offense intended.

  Felt that needed to be said.

Jeff Gamet

Not to worry, nich, I took your comments as you intended. And thanks for reading!
