New Apple Mac trojan called OSX/Crisis discovered

From Botnets.fr

Botnet Crisis
Date 2012 / 24 July 2012
Editor/Conference Intego
Link http://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/ (Archive copy)
Author Lysa Myers

Abstract

Intego has discovered a new Trojan called OSX/Crisis. This threat is a dropper which creates a backdoor when it’s run. It installs silently, without requiring a password, and works only in OSX versions 10.6 and 10.7 – Snow Leopard and Lion.

The Trojan preserves itself against reboots, so it will continue to run until it’s removed. Depending on whether or not the dropper runs on a user account with Admin permissions, it will install different components. We have not yet seen if or how this threat is installed on a user’s system; it may be that an installer component will try to establish Admin permissions.

Bibtex

 @misc{2012BFR1117,
   editor = {Intego},
   author = {Lysa Myers},
   title = {New Apple Mac trojan called OSX/Crisis discovered},
   date = {2012-07-24},
   month = jul,
   year = {2012},
   howpublished = {\url{http://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/}},
 }