A new Mac OS X trojan targeting computers running Snow Leopard and Lion has been discovered by security company Intego. The malware, fittingly dubbed OSX/Crisis, has not yet been discovered in the wild, but researchers, who found samples of it on VirusTotal, say its consequences are potentially harmful.
The trojan does not require admin permissions to run and can install itself without any user interaction. If it manages to nab admin access, however, OSX/Crisis hides behind a rootkit and installs more components to complete its tasks.
“[Its] backdoor component calls home to the IP address 126.96.36.199 every 5 minutes, awaiting instructions,” Intego’s Lysa Meyers wrote in a blog post. “The file is created in a way that is intended to make reverse engineering tools more difficult to use when analyzing the file.”
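A fixed five-minute call-home interval like the one described above is something defenders can look for in outbound connection logs. The following is an added example, not code from Intego or the original article; the log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, not real telemetry: "<timestamp> <source host> <destination IP>".
SAMPLE_LOG = """\
2012-07-25T10:00:02 mac-01 126.96.36.199
2012-07-25T10:00:10 mac-02 192.0.2.10
2012-07-25T10:00:20 mac-02 192.0.2.10
2012-07-25T10:03:41 mac-01 198.51.100.7
2012-07-25T10:05:01 mac-01 126.96.36.199
2012-07-25T10:10:03 mac-01 126.96.36.199
2012-07-25T10:10:10 mac-02 192.0.2.10
2012-07-25T10:10:20 mac-02 192.0.2.10
2012-07-25T10:15:02 mac-01 126.96.36.199
2012-07-25T10:20:01 mac-01 126.96.36.199
2012-07-25T10:20:10 mac-02 192.0.2.10
"""

def group_flows(log):
    """Group connection timestamps by (source host, destination IP)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:  # ignore blank or malformed lines
            flows[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
    return flows

def find_beacons(log, period=300, tolerance=15, max_jitter=10, min_events=4):
    """Return (host, ip, mean gap, jitter) for flows repeating about every `period` seconds."""
    hits = []
    for (host, ip), stamps in sorted(group_flows(log).items()):
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        # Require both the right average and low spread: bursts can average 300 s too.
        if abs(avg - period) <= tolerance and jitter <= max_jitter:
            hits.append((host, ip, round(avg, 1), round(jitter, 1)))
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

The mac-02 flow in the sample averages exactly 300 seconds between connections but arrives in bursts, so only the jitter check keeps it from being reported.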
OSX/Crisis will continue to run even after an infected computer is rebooted, meaning it must be completely removed for a system to be safe.
Notably, it functions differently from other Mac-targeted malware that has surfaced recently, such as Flashback.
“The file is created in a way that is intended to make reverse engineering tools more difficult to use when analyzing the file. This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware,” Meyers wrote.
The discovery comes just as Apple has released Mountain Lion, the latest version of its Mac operating system. Though the Mac platform has long been thought to be immune to viruses, the company recently changed its marketing language to reflect reality: Mac malware certainly exists, but it is considerably less prevalent than threats to Windows PCs.