New Mac Trojan discovered

Macworld Australia Staff
25 July, 2012
View more articles fromthe author

A new Apple Mac Trojan, ‘OSX/Crisis’ has been discovered by Apple software security company Intego that will install itself without a password and execute multiple malicious files on OS X Macs.

The Trojan dropper’s risk is confined to Snow Leopard and Lion OS X users and is low risk according to Intego as the “malware has not yet been found in the wild”.

The malware protects itself against reboots, requiring it to be removed completely from affected Macs and if given root permission, the Trojan will hide itself using a rootkit.

Whether it is given permission or not “it creates a number of files and folders to complete its task; 17 files when it’s run with root access, 14 files when it’s run without,” a Intego blog post confirms.

The executed standalone files could be Trojans, worms or backdoor malware threats and are saved to a folder on the affected computer.


Intego believes the following files are installed on affected Macs:

With or without root access, this file is installed:

  •   /Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r

Only with root access, these files are installed:

  • /System/Library/Frameworks/Foundation.framework/XPCServices/
  • /System/Library/Frameworks/Foundation.framework/XPCServices/

While common on Windows, the type of Trojan discovered is rare in OS X malware and poses as another Mac threat found this year. Earlier this year Apple users defended themselves against the SabPub backdoor malware that attacked Java vulnerabilities and Microsoft Word documents and the Java-based Flashback Trojan.



Leave a Comment

Please keep your comments friendly on the topic.

Contact us