Intego spots new Mac malware: ‘OSX/Crisis’

Mac security software firm Intego says it has isolated a new piece of Mac malware, which it calls OSX/Crisis. Describing OSX/Crisis as a “Trojan dropper,” Intego says the malware installs without any user interaction and, on systems where it gains root access, will attempt to hide itself.

The malware is designed to work with Snow Leopard and Lion, according to Intego, and it “calls home” to a specific IP address every five minutes to await further instructions. Intego also suggests that OSX/Crisis has been crafted in such a way “to make reverse engineering tools more difficult when analyzing the file,” a technique common in Windows malware but uncommon in Mac malware.

Intego indicates that it hasn’t seen OSX/Crisis “in the wild,” but it has nonetheless updated its VirusBarrier X6 software to detect and remove the malware. Users should update their definitions file to the latest version to make sure they’re covered.



  • MrPhotoEd

    Is this a case of “isolated” = created? OSX/Crisis sounds like it came straight out of the marketing department.

    Just a thought

    • Peter Cohen

      That’s a ridiculous thing to say.

      • http://twitter.com/greg42 Greg

        Well, if they haven’t seen it in the wild, how do they find it?

        While threats shouldn’t be ignored, Intego has a history, at least to my way of thinking, of blowing trojan threats out of proportion.

        • Peter Cohen

          “how do they find it?”

          They keep an eye on channels that fall out of the public purview.

        • http://www.yourmaclifeshow.com/ Shawn King

          “how do they find it?”

          There’s a whole underground world/subculture of the internet where these things are found that don’t ever reach the level of the public’s consciousness.

          • http://twitter.com/greg42 Greg

            A tortured definition of not in the wild if I’ve ever seen one. ;-)

It’s just a fine line here, between informing people and inciting panic to sell software. I generally feel reasonably confident myself in being able to pick out what sounds like a significant issue and what doesn’t. When the news comes from Intego I take it with a big ol’ grain of salt.

          • http://www.aichon.com Brad

            If I have a vial of fictionium-nitrate that is on the black market, it’s not in the wild, but it’s known to exist. Intego, from what I can gather, checks in on black market matters enough that they know the going street price to use various pieces of malware for criminal purposes (e.g. Crisis apparently goes for 200K euros), as well as which ones simply exist, even if they haven’t been deployed yet.

            That said, I do agree with taking what they say with a big grain of salt. After all, their business is directly affected by the degree to which people are concerned with malware. And they also have a history of overstating issues.

  • http://fcoramirez.betaid.org/ Francisco

I believe my cousin’s Mac just got infected by this. A friend of his used his Mac to enter Gmail and her bank (probably through a fake link in an email), and now Firefox is giving him all kinds of security issues. Since he is 1500 km away as of the moment, I haven’t been able to check for more details, but it sounds like a serious threat.