New Mac Trojan Horse Discovered
A new Mac Trojan horse was discovered this week that is being used to target specific individuals.
The Trojan, dubbed "Crisis" by the anti-virus software manufacturer Intego, and called "Morcut" by Sophos, is espionage malware that spies on victims using Mac instant messaging clients, Internet browsers, and Skype, the Internet phone software.
According to the anti-virus company Intego, "Crisis" has programming code that points to a connection with an Italian firm that sells a high-priced (over $250,000) espionage toolkit to national intelligence and law enforcement agencies.
"Crisis" relies on trickery to convince the user to self-infect his or her Mac.
Symantec’s recent security posts indicate that they believe the infection vector may rely primarily on social engineering rather than a specific vulnerability.
This particular malware tries to hide from security software by installing a rootkit, and also masks its activity and how much memory it is consuming from OS X’s Activity Monitor. Once on a Mac, Crisis monitors the instant messaging clients Adium and MSN Messenger, Skype, and the Safari and Firefox browsers. It captures a variety of content transmitted by those programs, including audio from Skype, messages from Adium and MSN Messenger, and URLs from the browsers.
It also can turn on the Mac’s built-in webcam and microphone to watch and listen, take snapshots of the current Safari and Firefox screens, record keystrokes, and steal contacts from the machine’s address book.
So far it appears that whatever is recorded is being sent to a single command-and-control server.
The source espionage software, called Remote Control System (RCS), is marketed by the Italian firm "Hacking Team" and is supposedly sold only to government intelligence and law enforcement agencies. "Hacking Team" specializes in software that does what it calls "offensive security."
The fact that many businesses now have Macs in some departments could open the way for a modified version of the Trojan to jump operating system platforms and infect other areas of a business network.
This is just another example of the importance of having staff use due diligence when it comes to the use of social media, and why it is important to keep anti-virus and anti-malware programs updated.
If you are unsure of your anti-virus status and need help, contact CCS Retail Support.
