New OSX Malware discovered

Sunday
A new Apple Mac Trojan named OSX/Crisis has been discovered by Intego.
Intego is a Mac security software company founded in 1997.
They create backup, antivirus, antispam, data protection and firewall software for Mac OS X.
Now let's get back to our discussion.
OSX/Crisis:
This threat is a dropper which creates a backdoor when it's run.
It installs silently, without requiring a password, and only on OS X 10.6 and 10.7 (Snow Leopard and Lion).
If the dropper runs on a system with Admin permissions, it will drop a rootkit to hide itself.
With or without Admin permissions, this folder is created in the infected user's home:
~/Library/ScriptingAdditions/appleHID
Only with Admin permissions, this new folder will be created:
/System/Library/Frameworks/Foundation.framework/XPCService
It uses low-level system calls to hide its activities.
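
A check for the two folders listed above, as an added example that is not part of the original post or Intego's tooling. Because the post says the rootkit hides itself, a listing on the running system may be unreliable, so the function takes a root directory and can be pointed at a mounted disk image; the `/Users/*` and `/var/root` home locations are assumptions about the standard OS X layout.

```shell
#!/bin/sh
# Added example: look for the two OSX/Crisis folders named in the post.
# Paths are taken from the post; the home directory locations searched
# (/Users/* and /var/root) are an assumption about the standard OS X layout.

USER_REL="Library/ScriptingAdditions/appleHID"
SYSTEM_REL="System/Library/Frameworks/Foundation.framework/XPCService"

# check_crisis_paths [ROOT]
#   ROOT defaults to "/" (live system); pass a mount point to inspect an
#   offline disk image. Prints one line per folder found.
#   Return status: 0 = nothing found, 1 = at least one folder found.
check_crisis_paths() {
    root="${1:-/}"
    root="${root%/}"      # "/" becomes "", "/Volumes/img/" becomes "/Volumes/img"
    found=0

    # Per-user folder: created with or without Admin permissions.
    for home in "$root"/Users/* "$root"/var/root; do
        [ -d "$home" ] || continue
        if [ -e "$home/$USER_REL" ]; then
            echo "USER $home/$USER_REL"
            found=1
        fi
    done

    # System folder: created only when the dropper ran with Admin permissions.
    if [ -e "$root/$SYSTEM_REL" ]; then
        echo "SYSTEM $root/$SYSTEM_REL"
        found=1
    fi

    return "$found"
}
```

Source the file and call `check_crisis_paths /Volumes/image` (a hypothetical mount point). A `SYSTEM` line indicates the dropper ran with Admin permissions, which is the case in which the post says a rootkit is installed.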
Intego suggests using VirusBarrier X6, which needs to be updated to protect against OSX/Crisis.
