We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

New Crisis Mac Trojan targeting Snow Leopard and Lion

Intego has discovered new Mac malware that is able to install itself onto OS X without the user’s knowledge

A new Mac Trojan has been discovered, which is reported to be affecting Snow Leopard and Lion users.

The Trojan, named OSX/Crisis, was discovered by security experts Intego on Tuesday, and is a dropper that creates a backdoor when it is run. The malware installs itself silently without the need for a password, and cannot be removed by a system restart.

It is not yet clear how the malware functions, but Intego assures users that researchers have not yet spotted the malware in the wild.

OSX/Crisis creates a number of local folders to complete its tasks, says Intego. "Many of these are randomly names, but there are some that are consistent," such as Library/ScriptingAdditions/appleHID/.

"The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions," Intego's report reads. "The file is created in a way that is intended to make reverse engineering tools more difficult to use when analysing the file. This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware."

The Crisis Trojan is the latest malware in the rapidly increasing list of such attacks that target the once seemingly untouchable Mac OS X. Apple is increasing security measures in Mountain Lion, which is set to ship today, including the new Gatekeeper feature.


IDG UK Sites

New iPhone 6 review: best ever iPhone is very good... but no longer the best phone you can buy

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...