New Mac malware intercepts e-mails, instant messages

Progressive technology has always come face to face with sophisticated detractors, and a newly discovered piece of Mac malware is just as worryingly sophisticated. According to the latest reports, the malware, which Kaspersky Lab calls Backdoor.OSX.Morcut, is capable of intercepting e-mail and instant message communications. Simply put, if the malware manages to infect a Mac, it turns it into a spy.


According to a post on Naked Security, the malware can control operations of a system, which include mouse coordinates, instant messengers (for instance, call data from Skype, Adium and MSN Messenger), location, internal webcam, clipboard contents, key presses, running applications, web URLs, screenshots, internal microphone, calendar data and alerts, device information, and address book contents. Needless to add, malware that gains access to such controls on your Mac can wreak havoc, since it can steal your information, read through your private and confidential details, check your emails, and so on.


What is even more worrying is that the malware is not affected by reboots, which means that unless it is removed, it will keep running. The post adds, "Depending on whether or not the dropper runs on a user account with Admin permissions, it will install different components. We have not yet seen if or how this threat is installed on a user’s system; it may be that an installer component will try to establish Admin permissions. If the dropper runs on a system with Admin permissions, it will drop a rootkit to hide itself. In either case, it creates a number of files and folders to complete its tasks. It creates 17 files when it’s run with Admin permissions, 14 files when it’s run without. Many of these are randomly named, but there are some that are consistent."





The threat has been found not to be widespread at the moment. That, however, is only a temporary respite, for its discovery itself is worrying. A post about the malware on Intego indicates that it installs silently and does not require a password. The post adds that it works only on OS X versions 10.6 and 10.7 (Snow Leopard and Lion). An update to the post reveals that the threat may run on Leopard 10.5, although it is known to crash on it. It does not run on the new Mountain Lion 10.8.


Intego reiterates that the malware is low-risk at the moment, since it has not been spotted in the wild, nor is it known to have infected any user system yet.

Published Date: Jul 28, 2012 02:34 pm | Updated Date: Jul 28, 2012 02:34 pm