Mac security software firm Intego claims to have isolated a new Apple malware called OSX/Crisis. Describing OSX/Crisis as a “Trojan dropper,” Intego says the malware installs without any user interaction, and will attempt to hide itself on systems with root access.
The malware is designed to work with Snow Leopard and Lion, according to Intego, and it “calls home” to a specific IP address every five minutes to await further instructions. Intego also suggests that OSX/Crisis has been crafted in such a way “to make reverse engineering tools more difficult when analyzing the file,” a technique common in Windows malware but uncommon in Mac malware.
Intego indicates that it hasn’t seen OSX/Crisis “in the wild.” The company has nonetheless updated its VirusBarrier X6 software to detect and remove the malware. Users should update their definitions file to the latest version to make sure they’re covered.