
Crisis/MORCUT Malware on OS X: Why Should Users Care?

  • Posted on: July 27, 2012 at 3:17 am
  • Posted in: Bad Sites
  • Author: Christopher Daniel So (Threat Response Engineer)

We’ve encountered new malware for Mac OS X systems, which we detect as OSX_MORCUT.A. We found this just as a new Mac OS X version, Mountain Lion (10.8), was being released via the Mac App Store.

OSX_MORCUT.A acts as a backdoor, giving attackers remote access to infected systems. From there, its capabilities are broadly similar to those of backdoors on Windows systems: it can search for files, check for network connections, download and upload files, execute commands on the affected machine, and even uninstall itself. It also has a rootkit component, which it uses to hide its files and processes.

What is somewhat unusual is this malware’s ability to record audio. Because almost all Macs sold today have some sort of built-in microphone, an infected Mac could, in effect, serve as a surveillance device. Together with its other observed behaviors, this suggests that OSX_MORCUT.A was meant as a sophisticated information theft tool, perhaps used in targeted attacks. The number of self-described decision makers and power users who run Macs makes one wonder if this was the goal in the first place.

Our investigation also revealed that it runs on previous Mac OS X versions (Leopard, Snow Leopard, and Lion), but not on Mountain Lion. One wonders why this malware suddenly appeared on the same day a new OS X version was released, with no ability to operate on that latest version. However, it may be premature to rely on OSX_MORCUT.A’s apparent inability to run on Mountain Lion, as we know malware creators are capable of “updating” and spawning variants within hours. With Mountain Lion’s release, it is likely that we will soon see newer samples, or even a new threat, that will attempt to target Mountain Lion.

Macs, like Windows or any other operating system, are not immune to malware. The presence of a rootkit component in this threat also highlights the increasing sophistication of Mac threats. Coupled with the habit of deferring updates to a later time, this might cause serious problems for both Mac consumers and enterprises supporting Macs.

Tags: Crisis, Leopard, Lion, Mac, mac malware, Mac OS X, MORCUT, Mountain Lion, Snow Leopard
