New OSX/Crisis malware found for OS X 10.6 and 10.7
A new script-based malware threat for OS X has been uncovered by security company Intego. The malware, called OSX/Crisis, has so far not been found "in the wild," but it has the potential to do harm.
Apparently the threat only runs on OS X 10.6 and 10.7 machines, and while it does not require a password to install, if a password is provided then the mode of infection changes. Most of the installed files are randomly named, though in all cases the malware appears to install a file called "appleHID" in the /Library/ScriptingAdditions/ directory. If a password is supplied and the installer gets root permissions, then the malware will additionally locate the system's Foundation framework and install a malware package called "com.apple.mdworker_server.xpc" within it.
- Thu, 2013-03-21 10:57
- Wed, 2012-12-12 09:39
- Mon, 2012-04-16 05:56