Saturday, July 28, 2012

Mac OS X Targeted By Clever New Trojan

A new Mac malware threat has been discovered. The OSX/Crisis Trojan is an insidious clever threat. Mac users should take steps to defend against this new malware, and proactively defend against future threats while they’re at it.
Protect yourself!
OSX/Crisis  is uniquely sneaky. First of all, the malware is cross-platform. It identifies the operating system, and executes different instructions depending on whether the target is a Windows or Mac OS X system. The malware is capable of infecting OS X 10.6 “Snow Leopard” and OS X 10.7 “Lion” systems without requiring a password, or any user intervention.

Once it infiltrates the system, it exhibits different behavior depending on whether or not it has Admin level privileges on the target. OSX/Crisis is exceptional in its ability to adapt on the fly to attack a broader range of targets.

Curtis Fechner, Webroot  threat research analyst, explained, “We've been looking at this and it's quite complex, as well as fascinating. I think the most important opinion we've formed is that we see more threats for the Mac platform like this one on the horizon.”

Mac users need to defend against another new malware threat.
Andrew, director of security operations for nCircle , declared, “Mac malware is no joke. Despite Apple’s marketing hype about security, it should be obvious to everyone that their devices are susceptible to malware. Earlier this year the Flashback Trojan infected hundreds of thousands of Macs. The new OSX/Crisis malware is another Apple wake up call.”

At this point it would be cliché to echo the same ominous warnings that are issued every time a new malware threat targets Mac OS X. I think all but the most naïve of Apple users understand that the days of security by obscurity are over, and that the OS is not invulnerable to attack.

For many Mac users, though, there is still a disconnect between realizing that the threat landscape has shifted, and actually doing something about it. Mac users need to embrace the mindset that has been conditioned into Windows users over time, and install antimalware and other security tools to proactively protect against new attacks.

Dave Marcus director of advanced threat research & intelligence at McAfee Labs , sums it up. “Apple users should consider themselves fully on notice: their Macs can be infected like any other device and they MUST take appropriate countermeasures by installing anti-malware solutions and practicing safe browsing habits.”

Storms agrees with Marcus. “Mac users are going to have to learn to be more security minded and Apple needs to step up and offer users practical, effective security support.”


  1. Another Java exploit.

    I, like many Mac users, had already disabled the malware magnet named Java after the Flashback scare, and to tell the truth, I don't miss it one bit. Apple hasn't included the Java runtime engine with OSX, for some time now.

    I'm sure McAfee would have preferred that I purchased their security software, but it would have just been a waste of money.

  2. Well, as you've said, many Mac users aren't "tech savvy" and can't be bothered with (or don't know how to) change settings so they won't and they'll be vulnerable. Also, purchasing AV software isn't a waste of money either because Mac and PCs are both vulnerable to multiple kinds of electronic attacks that cannot be side-stepped by simply disabling a plug-in.

  3. Yes, but a Mac user who neglects to install aftermarket security software is still better off than a similarly careless Windows user.