Malware that can infect both Windows and Mac users has been detected.
According to research by Intego, the rootkit OSX/Crisis is detected by only 27 of the 45 scanners on VirusTotal and is capable of collecting anything from audio and pictures to screenshots and keystrokes.
Intego claimed that this is a new variant of Hacking Team’s spyware “Remote Control System”, which is commonly used in targeted attacks. It uses low-level system calls to deploy the spyware and a backdoor obfuscated using the MPress packer to avoid anti-virus detection.
Symantec detected it in 2012, with low exploitation and distribution levels but the capability to cause “medium” damage.
TK Keanini, CTO of Lancope, said: “The interesting difference between the two platforms is the user base. For years OSX has appealed to a user community that has experienced less abuse from the internet but all that has changed in the past couple years. With less experience in dealing with security-related issues, this community is also far more prone to being fooled into downloading untrusted software.
“It is this user-level vulnerability that differentiates the two platforms since any computing device given enough research can be compromised. The design of security is highly asymmetric in that it must be highly usable to the good guys and simultaneously unusable to the bad guys. With advanced threats, the game is not to compromise the machine, it is to remain undetected. You should be asking yourself, if this happened to me or one of my networked computers, how would I know in a timely manner? If you can answer that question well, I’ll bet you have already been compromised.”