New Apple Mac Trojan "OSX/Crisis" Discovered

Contrary to popular belief, your Apple computer isn't impervious to all forms of malware and viruses. Today, Mac security firm Intego announced that it had discovered a new Mac OS X trojan called OSX/Crisis. The malware installs itself without user intervention and hides itself well if installed with root permission.

While the risk has been identified as low -- the malware has not yet been found in the wild -- it's alarming that OSX/Crisis exhibits a number of stealthing qualities rarely seen in OS X malware. For one, OSX/Crisis is what's formally known as a Trojan dropper, which means it can cloak itself behind the guise of a music file, a game or a screen saver.

Luckily, there are ways to check if your Mac has been infected. If OSX/Crisis is installed on a Mac running in root or administrator mode, the following files will turn up:

  • /System/Library/Frameworks/Foundation.framework/XPCServices/
  • /System/Library/Frameworks/Foundation.framework/XPCServices/
  • /Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r

However, without root access, only the last file will be present: