New Mac Trojan Sidesteps User Permissions

Intego identifies new Mac trojanIntego identifies new Mac trojan

The trojan runs on OS X 10.6 and 10.7, and continues to run after system reboots. If the target Mac also has Root access available, Crisis will install additional components designed to hide its presence.

“The file is created in a way that is intended to make reverse engineering tools more difficult when analyzing the file,” said Intego’s Lysa Myers. “This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware.”

Once installed, the malware contacts IP address 176.58.100.37 every five minutes while awaiting instructions.

Intego says the trojan hasn’t been spotted in the wild yet, although it has already updated its VirusBarrier X6 definition files to detect the potential threat.

Crisis is considered a low level threat, although it’s still a good idea to avoid websites you deem untrustworthy.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WIN an iPhone 16 Pro Max!