TweakTown

Another OS X Trojan has been identified, this one bypasses user permissions

Latest OS X Trojan "Crisis" bypasses user permissions

Hacking & Security News | Posted: Jul 25, 2012 3:30 am

Apple has been hit again: security firm Intego and its virus research team have identified yet another Trojan horse that targets Apple's Mac platform. The new Trojan, called "Crisis", hasn't been seen in the wild yet, but Intego says it is engineered to make analysis of the malware difficult for security researchers.

Intego has stressed vigilance regarding Crisis, as it appears to be quite sophisticated: it can bypass OS X security features and install itself without any user interaction.

Crisis has been traced back to the IP address 176.58.100.37, which it then contacts every five minutes for instructions. Only two OS X versions are said to be susceptible to Crisis: OS X 10.6 and 10.7. Crisis can install and run itself without the user having to enter their password. It also survives reboots, and will keep running until it is detected and removed.

If Crisis runs under a user account with root permissions, the Trojan installs additional components in order to hide itself. With or without root access, Crisis installs the following file:

/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r

When Crisis has root access, it installs two additional files:

/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server

and

/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources/

Intego has updated its VirusBarrier X6 software to guard against this new malware; virus definitions dated July 24, 2012 or later include protection.
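
A defender's check for the dropped-file paths listed above, added here as an example; it is not code from the article or from Intego. It takes an optional prefix so the scan can be run against a mounted volume or a test tree rather than the live root, and the assumption that a typical Mac has no third-party entries under /Library/ScriptingAdditions is mine, not the article's.

```shell
#!/bin/sh
# Added example, not code from the article or from Intego: look for the
# file paths the article attributes to Crisis. A path that exists is only
# an indicator; confirm with an up-to-date antivirus scan.
# Usage: sh crisis_check.sh [prefix]   (prefix defaults to "/"; pass a
# mounted volume's mount point to scan a disk offline)

CRISIS_PATHS="
/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources
"

# Print every indicator path present under $1 (an empty prefix means "/").
# Returns 0 when none is present and 1 when at least one is.
crisis_scan() {
    prefix="${1:-}"
    found=0
    for p in $CRISIS_PATHS; do
        if [ -e "$prefix$p" ]; then
            echo "FOUND: $prefix$p"
            found=1
        fi
    done
    return $found
}

# Crisis drops its main file under /Library/ScriptingAdditions, so list
# everything there. Assumption (mine, not the article's): a typical Mac
# has no third-party entries in that directory, so anything listed
# deserves a closer look.
list_scripting_additions() {
    prefix="${1:-}"
    dir="$prefix/Library/ScriptingAdditions"
    [ -d "$dir" ] || return 0
    for entry in "$dir"/*; do
        [ -e "$entry" ] && echo "OSAX: $entry"
    done
    return 0
}

crisis_scan "${1:-}"
list_scripting_additions "${1:-}"
```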

Now the question is to your Mac, "can it run Crisis?" ;)

NEWS SOURCES
Electronista.com, Intego.com
