New Mac Trojan Sidesteps User Permissions

A new trojan horse, dubbed Crisis, has been identified by the security company Intego. According to the company, the trojan horse can install itself without requiring any user interaction or account passwords, and attempts to hide itself from virus protection and detection applications.

Intego identifies new Mac trojanIntego identifies new Mac trojan

The trojan runs on OS X 10.6 and 10.7, and continues to run after system reboots. If the target Mac also has Root access available, Crisis will install additional components designed to hide its presence.

“The file is created in a way that is intended to make reverse engineering tools more difficult when analyzing the file,” said Intego’s Lysa Myers. “This sort of anti-analysis technique is common in Windows malware, but is relatively uncommon for OS X malware.”

Once installed, the malware contacts IP address 176.58.100.37 every five minutes while awaiting instructions.

Intego says the trojan hasn’t been spotted in the wild yet, although it has already updated its VirusBarrier X6 definition files to detect the potential threat.

Crisis is considered a low level threat, although it’s still a good idea to avoid websites you deem untrustworthy.