
Trojan Horse


Morcut/Crisis Mac malware capable of monitoring location, webcam, address book, more

We told you yesterday about the trojan named “Crisis”, also referred to as “OSX/Morcut-A”, which was discovered for OS X but is considered low risk for users. Today, we get some more details about the trojan, with security company Sophos explaining that the Morcut malware features code for controlling the following:

  • mouse coordinates
  • instant messengers (for instance, Skype [including call data], Adium and MSN Messenger)
  • location
  • internal webcam
  • clipboard contents
  • key presses
  • running applications
  • web URLs
  • screenshots
  • internal microphone
  • calendar data & alerts
  • device information
  • address book contents

The malware appears to have been specifically created with spying on the user as its goal. There have not been any reported cases of infected users, though, so the threat is still considered low risk.

Flashback.G trojan seen exploiting ancient Java vulnerabilities to infect Macs


A new variant of the Flashback trojan horse called “Flashback.G” is reportedly out in the wild and able to exploit a pair of vulnerabilities found in an older version of Java run-time, according to a blog post by antivirus maker Intego yesterday. People running Snow Leopard and an older Java run-time are at high risk as the primary spreading method calls for maliciously crafted websites. When visiting such pages, the malware exploits a browser’s security settings and installs itself without any intervention on the user’s part.

Even if you use the latest Java run-time installation, the malware can still falsely report a Java certificate as signed by Apple (though it is reported as untrusted), duping naïve users into clicking the Continue button in the certificate window and letting the trojan infect the host system.

Upon infection, the trojan will suck personal data into the cloud, including sensitive usernames and passwords for Google, PayPal, eBay, and other popular websites. One possible sign of infection includes unexpected crashes in Safari, Skype, and other apps with embedded browser content.

So, how does one protect oneself from this nasty piece of software?

