Intego identifies new Mac trojan
The trojan runs on OS X 10.6 and 10.7, and continues to run after system reboots. If the target Mac also has Root access available, Crisis will install additional components designed to hide its presence.
“The file is created in a way that is intended to make reverse engineering tools more difficult when analyzing the file,” said Intego’s Lysa Myers. “This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware.”
Once installed, the malware contacts IP address 176.58.100.37 every five minutes while awaiting instructions.
Intego says the trojan hasn’t been spotted in the wild yet, although it has already updated its VirusBarrier X6 definition files to detect the potential threat.
Crisis is considered a low level threat, although it’s still a good idea to avoid websites you deem untrustworthy.