New Crisis Mac Trojan targeting Snow Leopard and Lion

Intego has discovered new Mac malware that is able to install itself onto OS X without the user’s knowledge

A new Mac Trojan has been discovered, which is reported to be affecting Snow Leopard and Lion users.

The Trojan, named OSX/Crisis, was discovered by security experts Intego on Tuesday, and is a dropper that creates a backdoor when it is run. The malware installs itself silently without the need for a password, and cannot be removed by a system restart.

It is not yet clear how the malware functions, but Intego assures users that researchers have not yet spotted the malware in the wild.

OSX/Crisis creates a number of local folders to complete its tasks, says Intego. "Many of these are randomly named, but there are some that are consistent," such as Library/ScriptingAdditions/appleHID/.

"The backdoor component calls home to the IP address 176.58.100.37 every five minutes, awaiting instructions," Intego's report reads. "The file is created in a way that is intended to make reverse engineering tools more difficult to use when analysing the file. This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware."

The Crisis Trojan is the latest malware in the rapidly increasing list of such attacks that target the once seemingly untouchable Mac OS X. Apple is increasing security measures in Mountain Lion, which is set to ship today, including the new Gatekeeper feature.

