Crisis (or Morcut) Trojan Targets Mac Users

mac-os-x-malware-attacksIt is no secret that most malware is Windows-based, and for the longest time, this fact greatly inflated the ego of the die-hard Mac user, whose big cats (i.e. OS X lion, tiger, and leopard) well guarded his or her system against malicious attacks. In fact, Mac users and supporters alike proudly boasted that the animal kingdom was untouchable. Little did they realize predators are always in hunt of new game, especially boastful and cocky ones. The recent unleashing of two Mac-based malicious programs, Crisis and Morcut, clearly show malware makers and cybercriminals have Mac in clear sight, and like a snaggletooth, don't plan on letting go any time soon. This is because the payoff could be huge, as Mac's popularity and use have grown exponentially, rivaling its biggest competitor, Windows. Another attraction is the millions of naive users who believe the OS X to be bulletproof, thus meaning they would be totally caught off-guard and with their doors and Windows wide opened.

It may come as a surprise to many, especially Mac users, that the first Mac virus, in 1982, predates IBM PC-based viruses! However, the first attempt to penetrate the almighty OS X came in 2004, by way of a shell script worm, which could explain the low profile. Shell scripting is equivalent to a MS DOS batch file, thus requiring interactivity at the root level. Many speculate the attack may have been isolated to a personal vendetta against a targeted machine and user, where the system was compromised by a hack.

Unfortunately, in the underground world, one person's failed attempt is the prelude or cursor to another's success, thus the release of the first virus or computer worm, tagged OSX/Leap-A, in 2006. This self-replicating malicious program and file propagated through the iChat messaging system, sending a copy of itself to everyone on the victim's buddy list. Persons who clicked on the masked jpeg received more than an image and thus allowed the malicious file to load and activate as well as chase down and transmit their vital data, i.e. passwords, usernames, etc., as well as secretly open a backdoor to allow unauthorized entry. A few more germs, even some that were cross-platform, followed after that, but not as epic as the Flashback Trojan and Virus variants that infiltrated more than 600,000 Mac systems. Thanks to a Java exploit, Flashback not only successfully slipped past the powerful animal kingdom, but was able to convert 27 bots in Apple's own backyard, California.

Shortly thereafter, we've learned of a malware package containing a malicious AdobeFlashPlayer.jar .class file labeled as WebEnhancer and two less conspicuous files, win and mac. Jar files are used by developers to deliver Java software, with class files being equivalent to executables on Windows, except they are cross-platform, an intentional benefit.

The WebEnhancer is not used the way one might assume (i.e. as a browser helper) but rather matches up operating system platform with the corresponding malicious file and installer, i.e. win (Windows malware detected as Mal/Swizzor-D) or mac (Mac malware detected as OSX/Morcut-A). Thankfully a flaw or oversight in the malware maker's build raises a red flag after its digital signature is brought under scrutiny. Similar to Windows-based malware, PC users should REJECT downloads from questionable or non-existent publishers. If PC users bypass security alerts and accept the malicious download, the infectious file will run and carry out one or more payloads that collect data off the infected system, install a backdoor, and most likely connect with a command and control server to intercept more malicious files and programs.

It goes without saying that Mac's feline camp has done an exceptional job long guarding its environment. However, to turn a blind eye to the evolving malware landscape could prove deadly for Mac users who desire to hold onto the fading belief no weapons formed against their OS can prosper.

Mac Safety Tips To Protect Your Data

In case Mac users have not been paying attention, here are a few safety rules to follow if you use the Internet and want to protect your data and hard drive against vicious attacks:

  • Use a solid firewall.
  • Install a trusted and stealth antimalware solution that uses a mix of scanning techniques and that contains an anti-rootkit component to combat aggressive malware.
  • Stay atop notifications to patch and upgrade software and apply immediately.
  • Use strong passwords that are hard to crack.
  • Be leery of warez and eTorrent websites, as they contain malicious content.
  • Be slow to click on links and attachments in emails or when using social networks until you can verify the source.
  • Reject downloads of software missing signatures or whose signatures are questionable.
  • Carefully read the end-user license agreements of freeware and reject those hinting of malicious intent.
  • Do not store your vital data, i.e. passwords, usernames, etc., in the browser, as they are the first place malware is programmed to look.
  • Do not ignore weird system behaviors, i.e. slowed performance, forced reroutes, etc., that hint of a possible intrusive, regardless if you feel you have stellar Internet security. Aggressive malware is able to bypass firewalls and some security channels.

As Apple's market share increases and rumored adoption of microprocessors also used in Windows become a reality, you can expect the threat landscape to heat up. While most malware intrusions come at the hands of its victims, i.e. clicking too fast before verifying a download, drive-by attacks are becoming more prevalent, since they require no further action than a landing on the compromised webpage. So the wise choice is being proactive and fortifying your systems to halt an attack rather than countering. Otherwise, you could be forced to stare at the blue screen of death, and believe me, it will be no laughing matter since it too could mean loss of valuable data.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.