New Mac Malware 'OSX/Crisis' Discovered
Contrary to popular belief, your Apple computer isn't impervious to all forms of malware and viruses.
Yesterday (July 24), Mac security firm Intego announced that it had discovered a new Mac OS X Trojan horse called OSX/Crisis. The malware installs itself without user intervention and hides itself if installed with administrator permission.
While the risk has been identified as low — the malware has not yet been found in the wild — it's alarming that OSX/Crisis exhibits a number of stealthy qualities rarely seen in OS X malware.
For one, OSX/Crisis is what's formally known as a Trojan dropper: a carrier program disguised as something benign, such as a music file, a game or a screen saver, whose job is to write the real payload to disk and install it.
Luckily, there are ways to check whether your Mac has been infected. If OSX/Crisis was installed with root (administrator) privileges, the following files will be present:
- /System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server
- /System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources/
- /Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r
However, without root access, only the last file will be present:
- /Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r
OSX/Crisis routinely calls home to the IP address 176.58.100.37 every 5 minutes, awaiting instructions. This IP address could change over time.
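As an added example (not from Intego's report or the original article), the following POSIX shell script automates the file check above and, given a simple connection log, looks for repeated contacts with the reported address at the five-minute cadence. The function names, the `--live` flag, and the log format (`epoch_seconds destination_ip`, with a constructed sample) are this example's own assumptions, not anything Intego published.

```shell
#!/bin/sh
# Added example: check a Mac for the OSX/Crisis file indicators Intego listed,
# and look for the five-minute beacon to the reported C2 address in a log.
# Function names, the log format and the --live flag are this example's own.

CRISIS_C2="176.58.100.37"   # address reported by Intego; may change over time

# Indicator paths from Intego's report. The first two (the fake XPC service
# binary and its Resources directory) appear only for a root/admin install;
# the ScriptingAddition appears for both root and non-root installs.
crisis_paths() {
    cat <<'EOF'
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources
/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r
EOF
}

# check_crisis_files [PREFIX]: print each indicator present under PREFIX
# ("" for the live system; a scratch directory when testing). Exit status 0
# if anything was found, 1 if the system looks clean. The paths contain no
# whitespace, so the unquoted $(crisis_paths) word splitting is safe here.
check_crisis_files() {
    prefix="${1:-}"
    hits=0
    for p in $(crisis_paths); do
        if [ -e "$prefix$p" ]; then
            printf '%s\n' "$p"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]
}

# crisis_install_type [PREFIX]: "clean", "root-install" (all three present)
# or "user-install" (only the ScriptingAddition, i.e. no root at install time).
crisis_install_type() {
    n=$(check_crisis_files "${1:-}" | wc -l | tr -d ' ')
    case "$n" in
        0) echo clean ;;
        3) echo root-install ;;
        *) echo user-install ;;
    esac
}

# Constructed sample connection log (not real data): "epoch_seconds dest_ip",
# the kind of record a firewall log or periodic netstat snapshot reduces to.
# 192.0.2.x and 198.51.100.x are documentation addresses, not real hosts.
demo_log() {
    cat <<'EOF'
1343110800 192.0.2.10
1343110800 176.58.100.37
1343111100 176.58.100.37
1343111400 176.58.100.37
1343111520 198.51.100.7
EOF
}

# count_c2_beacons [FILE]: number of log lines mentioning the C2 IP (reads
# stdin when no file is given). "|| true" keeps grep's "no match" exit status
# from aborting a set -e script; grep still prints 0 in that case.
count_c2_beacons() {
    grep -c -F -- "$CRISIS_C2" "$@" || true
}

# periodic_c2_intervals [FILE]: number of consecutive C2 contacts spaced about
# five minutes apart (300 s, with 30 s of slack), the cadence Intego reported.
# A periodic pattern is a stronger signal than the bare IP, which may change.
periodic_c2_intervals() {
    awk -v c2="$CRISIS_C2" '
        $2 == c2 {
            if (prev != "" && $1 - prev >= 270 && $1 - prev <= 330) n++
            prev = $1
        }
        END { print n + 0 }' "$@"
}

# Usage on a live Mac: sh crisis_check.sh --live
if [ "${1:-}" = "--live" ]; then
    printf 'Install type: %s\n' "$(crisis_install_type "")"
    check_crisis_files "" || printf 'No OSX/Crisis file indicators found.\n'
fi
```

Run with `--live` on the Mac being checked, it reports the install type and lists whatever indicator paths exist. Run with no arguments it only defines the functions, so a real log can be piped into `count_c2_beacons` or `periodic_c2_intervals` (on the constructed sample, the interval check finds two five-minute gaps). Because the article notes the C2 address may change, the interval check is the part worth keeping even after the IP is stale.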
Additionally, the backdoor component that carries this functionality was built so that reverse-engineering tools work less well on it. OSX/Crisis's creators used anti-analysis techniques that are common in Windows malware but almost unheard of in OS X malware.
OSX/Crisis targets only the two latest versions of Mac OS X, Snow Leopard (10.6) and Lion (10.7).
On the bright side, if you already use Intego VirusBarrier X6, all you need to do is update to get the latest protection from this threat. Otherwise, worried users can look at Intego's other Mac protection software.
via Intego