Just hours before the release of Mountain Lion, the latest version of the OS X operating system, a new malware has been discovered highlighting the need for Apple Mac users to protect their computers with anti-virus software.

Sophos researchers have discovered that the new Morcut Mac OS X malware, also known as “Crisis”, has been distributed as part of a multi-platform attack, designed to hit both Windows and Mac users – embedded in an archive file which pretends to be Adobe Flash Player.

The threat, which has not yet been seen in the wild, is complex – and when run on an OS X system drops multiple components, reconfigures system settings and installs a backdoor and rootkit combination that connects to a remote server and waits for instructions from malicious hackers.

When run on Windows systems, a version of the Swizzor malware is installed instead.

“Analysis of this malware is ongoing, but Mac users are protected right now if they are running a good, up-to-date anti-virus,” said Graham Cluley, senior technology consultant for Sophos. “The good news is that this threat has not been seen in the wild so far, but we are seeing increasing evidence of cybercriminals exploiting the fact that many Mac users have still not got the message that they need to protect their computers.  There is much less malware for Macs than there is for Windows, but that doesn’t mean it’s non-existent. If Mac users are too laid-back about security and leave their bellies exposed, they’re asking for trouble.”

In a statement, SophosLabs told TheTechInsider that their experts are continuing to analyse the Morcut malware, and warn that even if the threat does not break into the wild, the techniques it uses could be deployed by other malicious hackers in the future.

Mac OS users are stronly encouraged to install an anti-virus software. Sophos makes available a free anti-virus for Mac home users which protects against the threat.  It can be downloaded from http://www.sophos.com/freemacav.

Sophos products detect the various components used in the attack as Troj/JVDrop-A, Mal/Swizzor-D and OSX/Morcut-A.

Leave a Reply