A new Mac Trojan has been discovered, which is reported to be affecting Snow Leopard and Lion users.
The Trojan, named OSX/Crisis, was discovered by security experts Intego on Tuesday, and is a dropper that creates a backdoor when it is run. The malware installs itself silently without the need for a password, and cannot be removed by a system restart.
It is not yet clear how the malware functions, but Intego assures users that researchers have not yet spotted the malware in the wild.
OSX/Crisis creates a number of local folders to complete its tasks, says Intego. “Many of these are randomly names, but there are some that are consistent,” such as Library/ScriptingAdditions/appleHID/.
“The backdoor component calls home to the IP address 126.96.36.199 every five minutes, awaiting instructions,” Intego’s report reads. “The file is created in a way that is intended to make reverse engineering tools more difficult to use when analysing the file. This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware.”
The Crisis Trojan is the latest malware in the rapidly increasing list of such attacks that target the once seemingly untouchable Mac OS X. Apple is increasing security measures in Mountain Lion, which is set to ship today, including the new Gatekeeper feature.