Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
    • About Us
    blog.trendmicro.com Sites > TrendLabs Security Intelligence Blog > Bad Sites > Crisis/MORCUT Malware on OS X: Why Should Users Care?

    We’ve encountered new malware for Mac OS X systems, which we detect as OSX_MORCUT.A. We found this just as a new Mac OS X version, Mountain Lion (10.8), was being released via the Mac App Store.

    OSX_MORCUT.A acts as a backdoor into the remote system, giving attackers remote access to infected systems. From there, its capabilities are broadly similar to backdoors on Windows systems: search for files, check for network connections, download and upload files, execute commands on the affected machine, and even uninstall itself. In addition it also has a rootkit component, which it uses to hide its files and processes.

    What is somewhat unusual is this malware’s ability to record audio. Because almost all Macs sold today have some sort of built-in microphone, it means that an infected Mac could, in effect, serve as a surveillance device. Together with its other observed behaviors, this suggests that OSX_MORCUT.A was meant as a sophisticated information theft tool, perhaps used in targeted attacks. The number of self-described decision makers and power users who do run Macs makes one wonder if this was the goal in the first place.

    Our investigation also revealed that it runs on previous Mac OS X versions (Leopard, Snow Leopard, and Lion), but not on Mountain Lion. One wonders why this malware suddenly appeared on the same day as a new OS X version was released, with no ability to operate on the latest OS version. However, OSX_MORCUT.A’s apparent inability to run on Mountain Lion may be premature, as we know malware creators are capable of “updating” and spawning variants within hours. With Mountain Lion’s release, it is likely that we will soon see newer samples, or even a new threat, that will attempt to target Mountain Lion.

    Macs, like Windows or any other operating system, are not immune to malware. The presence of a rootkit component in this threat also highlights the increasing sophistication of Mac threats. Coupled with the habit of deferring updates to a later time, this might cause serious problems to both Mac consumers and enterprises supporting Macs alike.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Friday, July 27th, 2012 at 3:17 am and is filed under Bad Sites . Both comments and pings are currently closed.



    Comments are closed.



     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice