OFFICIAL SECURITY BLOG

New variant of Crisis found

Posted on January 21st, 2014 at 2:12 PM EST

Intego reported yesterday that they have discovered a new variant of the Crisis malware, which they are calling Crisis.C. The new variant does not yet have a very high detection rate on VirusTotal… perhaps because the code has been obfuscated using MPacker. It is unknown at this time, however, how this malware gets installed.
Crisis continues to make appearances

Posted on November 14th, 2013 at 12:39 PM EST

Crisis, a high-priced remote access tool mostly used in targeted, government-sponsored attacks, was first discovered more than a year ago. Its high price tag (200,000 euros, according to Intego’s findings at the time) and targeted nature have meant that I have never yet seen a case of Crisis infection, nor have I ever located anything but bits and pieces of the malware. However, as Intego reported earlier this week, Crisis is not only still out there, but a new variant has appeared with some new tricks up its sleeve!

OSX/Crisis malware revealed as targeted attack

Posted on July 27th, 2012 at 7:06 AM EST

Over the last couple of days, a lot more information has come out about the malware Intego announced as OSX/Crisis. It has been discovered that it contains part of a commercial malware package called Remote Control System DaVinci, which is marketed primarily to governments and sells for 200,000 euros. At this point, it appears to be a targeted attack, likely on the part of a Middle Eastern government and aimed at a group of Moroccan journalists who covered the Arab Spring revolution.

New Mac malware OSX/Crisis discovered

Posted on July 24th, 2012 at 4:56 PM EST

Intego reported the discovery of new malware today, which they have named OSX/Crisis. This malware is evidently a trojan that installs a backdoor (called Backdoor:OSX/Crisis by Intego). It can apparently install this backdoor without an admin password; simply running the trojan is sufficient. The backdoor, in turn, contacts a specific IP address every 5 minutes looking for instructions.