New Mac Trojan Targets Specific Individuals

A new Mac Trojan horse was discovered. It is used to target specific individuals. This newly known espionage malware called "Crisis" by Intego and "Morcut" by Sophos spies upon users of Mac instant messaging clients, the Internet phoning software, Skype and browsers.
    Intego published an initial analysis about the malware. The report claims about the connection between “Crisis” and an Italian firm. This firm markets an espionage toolkit to national law enforcement intelligence agencies. Like any true Trojan, “Crisis” tricks the users to infect their Mac by themselves.
    According to Symantec, social engineering to be installed is that the infection vector may primarily rely on. Here the fact that no vulnerability is applied along with the threat.
    Trying to hide from security software, the malware installs a rootkit. “Crisis” also deals with OS X's Activity Monitor as another lay-low tactic. This utility connects with the operating system that reflects whole working processes including memory volume consumed.
    Occurring on a Mac, the malware spies on a pair of instant messaging clients, MSN and Adium Messenger, Firefox and Safari browsers as well as Skype. The malware captures all the data transmitted by each of the program. This data includes URLs from the browsers, messages from the MSN and Adium Messengers and also audio from Skype. “Crisis” is able to steal contacts from the address book of the PC, take the current Firefox and Safari screenshots, and turn on built-in microphone and webcam in order to listen and watch and record keystrokes.
    According to Intego, whole data gathered by “Crisis” is transmitted to a single command-and-control server. As some of the “Crisis” code originated with commercial spying software, the malware was called "a very advanced and fully-functional threat”.
    The Italian firm Hacking Team that specializes in "offensive security” is the marketer of that Remote Control System (RCS). According to the company the software is sold only to national law enforcement intelligence agencies.
    According to Hacking Team, RCS "is a solution designed to evade encryption by means of an agent directly installed on the device to monitor" and is "the hacking suite for governmental interception". The software is used worldwide and can monitor a huge number of infected smartphones and computers at a time.
    RCS costs 200,000 euro, according to David Vincenzetti’s interview to the Sydney Morning Herald. The cost of the product excludes the possibility of its usage by average hackers.

GetAV.org