Apple Mac Trojan Called OSX/Crisis Is Commercial Malware
The Apple Mac trojan called OSX/Crisis found a few days ago by Intego has now been looked at in more detail, who have revealed some rather interesting things about it. Firstly, it's a sophisticated package that allows the criminal operating it to do the following: spy on Skype audio traffic and recording all conversations and phone calls; spy on Safari or Firefox browsers to record URLs and screenshots; record IM messages in both MS Messenger and Adium and send file contents to the control server. Basically, the user is completely 0wned by the attacker - Apple users wipe your smug smiles off now.
To be honest though, those spying functions aren't terribly unique to this malware. What is unique is that the malware is apparently a commercial malware package written by a company called Remote Control System DaVinci, which is apparently a play on the owner’s name and possibly a reference to the movie Hackers. "They gear their product towards government surveillance, though they have also apparently sold it to several banks and at least one other commercial company. Due to the cost (€200,000), this product is unlikely to be used by your average script kiddy in his parents’ basement." To avoid infection, as usual use common sense and run an internet security package to defend against attacks like this - yes this applies to Mac users too. There's more detail about this threat at the link below.
From a technical perspective, this is a very advanced and fully functional threat. Due to the apparent cost of this malware package, it's unlikely that this will be more than a targeted attack. But if you are the intended target, it’s very important that you have good security measures. Most vendors now have protection for the known components, but it's unlikely that this is the last version of this malware (or its installation packages) that we will see.
Posted by | Sat, Jul 28, 2012 - 09:32 PM