Intego Discovers New OSX/Crisis Mac Trojan, But Don't Panic Just Yet

Intego Discovers New OSX/Crisis Mac Trojan, But Don't Panic Just Yet

Just hours ahead of Wednesday's release of OS X Mountain Lion, a new Mac trojan has been discovered -- and you'll have good reason to upgrade, since the dormant OSX/Crisis only runs on Snow Leopard or OS X Lion.

Intego has sounded an alarm with a new security memo on Tuesday, detailing a new Mac trojan called "OSX/Crisis" which its virus team has discovered. And on paper at least, it's a troublesome one, installing silently without a password.

For now, the risk of being affected by the OSX/Crisis malware is quite low -- Intego notes that it hasn't actually been found in the wild yet. However, the Trojan dropper "exhibits some anti-analysis and stealthing techniques that are uncommon among OS X malware."

"This threat works only in OSX versions 10.6 and 10.7 -- Snow Leopard and Lion," Intego notes on its blog. "It installs without need of any user interaction; no password is required for it to run. The Trojan preserves itself against reboots, so it will continue to run until it’s removed. Depending on whether or not the dropper runs on a user account with root permissions, it will install different components. It remains to be seen if or how this threat is installed on a user's system; it may be that an installer component will try to establish root permissions."

That sounds pretty scary, but Intego is already on the case, pushing an update to its VirusBarrier X6 software so users will be protected from OSX/Crisis. Meanwhile, the company's virus team continues to analyze any potential threat from the malware, so we'll be sure to update MacLife.com readers should the situation change.

Follow this article’s author, J.R. Bookwalter on Twitter

Read More

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest