- Apple Mac Trojan called OSX/Crisis Discovered
Monday, 30 July 2012
An Apple Mac Trojan named OSX/Crisis has been discovered by Intego.
Intego is a Mac security software company founded in 1997.
They make backup, antivirus, antispam, data protection and firewall software for Mac OS X.
Now let's get back to our discussion.
OSX/Crisis:
This threat is a dropper which creates a backdoor when it's run.
It installs silently, without requiring a password, and only on OS X 10.6 (Snow Leopard) and 10.7 (Lion).
If the dropper runs on a system with Admin permissions it will drop a rootkit to hide itself.
With or without Admin permissions, this folder is created in the infected user's home:
~/Library/ScriptingAdditions/appleHID
Only with Admin permissions, a new folder is also created:
/System/Library/Frameworks/Foundation.framework/XPCService
It uses low-level system calls to hide its activities.
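A check for the two folders listed above, added here as an example (it is not from Intego or the original post). It takes a volume root so the disk can be examined while mounted on another machine, since the threat hides its activities on the running system; the function name crisis_scan is made up for this example.

```shell
#!/bin/sh
# Added example: look for the two OSX/Crisis folders named in the post.
# Usage: crisis_scan [VOLUME_ROOT]   (default "/")
# VOLUME_ROOT may be a disk from another Mac, e.g. /Volumes/Suspect

crisis_scan() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", "/Volumes/X/" becomes "/Volumes/X"
    hits=0

    # Folder created only when the dropper ran with Admin permissions.
    sys_path="$root/System/Library/Frameworks/Foundation.framework/XPCService"
    if [ -e "$sys_path" ]; then
        echo "FOUND $sys_path"
        hits=$((hits + 1))
    fi

    # Folder created in the user's home, with or without Admin permissions.
    # Every home under /Users is checked, plus root's home (/private/var/root).
    for home in "$root"/Users/* "$root/private/var/root"; do
        [ -d "$home" ] || continue
        user_path="$home/Library/ScriptingAdditions/appleHID"
        if [ -e "$user_path" ]; then
            echo "FOUND $user_path"
            hits=$((hits + 1))
        fi
    done

    echo "indicators found: $hits"
    [ "$hits" -eq 0 ]   # exit status 0 = none found, 1 = at least one found
}
```

Reading /private/var/root needs root privileges; a result of zero on a running system is weaker evidence than the same result from the disk mounted elsewhere.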
Intego suggests using VirusBarrier X6, which needs to be updated to protect against OSX/Crisis.