Experts Spot Third Variant of Mac Trojan Used by Governments in Targeted Attacks

Intego analyzes OSX/Crisis.C

Security researchers from Intego have spotted a new variant of OSX/Crisis, the Mac Trojan developed by Hacking Team and used by governments in targeted cyberattacks.

OSX/Crisis.C is similar to previous variants. It’s distributed with the aid of a dropper that installs silently on targeted machines.

It runs on Mac OS X 10.5, 10.6, and 10.7, and it enables attackers to capture audio and video, take screenshots, harvest user locations, and connect to Wi-Fi.

In order to hide itself, Crisis patches the Activity Monitor. It drops its rootkit by tricking users into giving it system admin privileges.

This third version of the threat comes with a different backdoor configuration file format. Some of the dropper code has also been updated.

Intego spotted the Mac malware after someone uploaded it to VirusTotal as a file called “Frantisek,” which experts believe could be a reference to Pope Francis.

On Wednesday, only 6 of the 49 engines on VirusTotal detected the threat.

