
Another OS X Trojan has been identified, this one bypasses user permissions

Latest OS X Trojan "Crisis" bypasses user permissions

By Anthony Garreffa on Jul 24, 2012 10:30 pm CDT

Apple has been hit again: security firm Intego and its virus team have identified yet another Trojan horse that attacks Apple's Mac platform. The new Trojan, called "Crisis", hasn't been seen in the wild yet, but Intego says it is engineered to make analysis of the malware difficult for security experts.


Intego has urged users to stay alert for Crisis, as it appears to be quite smart: it can bypass OS X security features and install itself without any user interaction.

Crisis has been traced back to the IP address 176.58.100.37, which it calls back to every five minutes for instructions. Only two OS X versions are said to be susceptible to Crisis: OS X 10.6 and 10.7. Crisis can install and run itself without the user entering their password. It also survives reboots, and will run until it is detected and removed.

If Crisis is installed onto a user account with root permissions, the Trojan will install additional programs in order to hide itself. With or without root access, Crisis will install the following file:

/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r

When Crisis has root access, it installs two additional files:

/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server

and

/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources/
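A quick triage check for the three paths listed above, as an added example that is not from the article or from Intego: it tests each path under a chosen root, so a mounted disk image or backup volume can be inspected as well as the live system, and reports whether only the user-level file or the root-level files are present. The function name, output format and return codes are this example's own assumptions.

```shell
#!/bin/sh
# Triage check for the three Crisis file paths listed in the article.
# Usage: crisis_check [ROOT]   (ROOT defaults to /; point it at a mounted
# disk image or backup volume to inspect an offline copy).

# Path written with or without root access (from the article).
CRISIS_USER_PATH="/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r"
# Paths written only when the Trojan had root access (from the article).
CRISIS_XPC="/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc"
CRISIS_ROOT_FILE="$CRISIS_XPC/Contents/MacOS/com.apple.mdworker_server"
CRISIS_ROOT_DIR="$CRISIS_XPC/Contents/Resources"

# Prints one line per indicator found, then a verdict line.
# Return codes (this example's own convention): 0 = none found,
# 1 = user-level indicator only, 2 = root-level indicator present.
crisis_check() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", "/Volumes/img/" loses its slash
    level=0

    # -e || -L so a dangling symlink at the path is still reported.
    if [ -e "$root$CRISIS_USER_PATH" ] || [ -L "$root$CRISIS_USER_PATH" ]; then
        echo "FOUND $root$CRISIS_USER_PATH"
        level=1
    fi
    for p in "$CRISIS_ROOT_FILE" "$CRISIS_ROOT_DIR"; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND $root$p"
            level=2
        fi
    done

    case $level in
        0) echo "VERDICT none of the listed paths exist" ;;
        1) echo "VERDICT user-level install indicator present" ;;
        2) echo "VERDICT root-level install indicator present" ;;
    esac
    return $level
}
```

Source the file and call `crisis_check` with no argument for the running system, or with a mount point for an offline copy. A result of 0 only means these three paths are absent; it is not proof that the machine is clean.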

Intego has updated its VirusBarrier X6 software to guard against this new malware, in definitions dated July 24, 2012 or later.

Now the question is to your Mac, "can it run Crisis?" ;)
