New Mac Trojan hints at ties to high-priced commercial hacking toolkit
French security firm Intego discovered a new Mac Trojan horse this week that is being used to target specific individuals.
The Trojan, dubbed "Crisis" by Intego -- a Mac-only antivirus developer -- and called "Morcut" by Sophos, is espionage malware that spies on victims using Mac instant messaging clients, browsers and Skype, the Internet phoning software.
According to Intego, which published an initial analysis on Tuesday and has followed up with more information since then, Crisis sports code that points to a connection with an Italian firm that sells a $245,000 espionage toolkit to national intelligence and law enforcement agencies.
From all indications, Crisis, like any true Trojan, does not exploit a vulnerability, but instead relies on trickery to convince the user to self-infect his or her Mac.
"We believe that the infection vector may rely primarily on social engineering to be installed and at this point in time there is no reason to believe there is a vulnerability being used in conjunction with the threat," said Symantec in a post to its security response team's blog yesterday. Read more...