Some people over the years have been convinced to buy Apple products and computers solely because they think they are invulnerable to viruses, malware, spyware, etc. Most of us in the know have learned better. For those lulled into a false sense of security that comes with that glowing apple logo, a reality check has come. And its name is Morcut (also known as Crisis).
The timing was almost perfect for it to be widespread, as it occurred the very night before OS X Mountain Lion was due to be released! Talk about timing, eh? It appears to be cross-platform, impacting Windows users as well. Double trouble! Here’s what you need to know about it:
“We’re still digging into the details of the malware itself, but the delivery mechanism is interesting,” reports Sophos.com. “The malware package arrived in a file named AdobeFlashPlayer.jar. JAR stands for Java Archive. JAR files, which are structurally just ZIP files with a special name, are used as a standardized way of packaging and delivering Java software.”
Inside the AdobeFlashPlayer.jar archive are a couple of notable files. The first and most “interesting” is a .class file named WebEnhancer. Then there are two files named win and mac. This is what makes this particular piece of malware cross-platform, which was definitely the ultimate goal of the creator. The WebEnhancer program, which by the way has zero to do with internet browsing, determines whether you are using Windows or Mac OS X. From there it chooses and executes either the win or the mac file.
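Because a JAR is just a ZIP, a defender can triage one without running it. The following added example (not code from Sophos or from the original post) lists archive entries whose leading bytes mark them as native Windows or Mac executables rather than Java classes. The sample archive is constructed from inert header bytes, and the assumption that payload entries begin with a PE or Mach-O header is ours, not something the post states.

```python
import io
import struct
import zipfile

# Magic numbers of native executable formats (first 4 bytes of the file).
MACHO_THIN = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",   # 32/64-bit, big-endian
              b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe"}   # 32/64-bit, little-endian
CAFEBABE = b"\xca\xfe\xba\xbe"  # shared by Java classes and Mach-O universal binaries


def classify(head: bytes) -> str:
    """Classify a JAR entry from its first 8 bytes."""
    if head[:2] == b"MZ":
        return "windows-pe"
    if head[:4] in MACHO_THIN:
        return "mach-o"
    if head[:4] == CAFEBABE and len(head) >= 8:
        # Java class: bytes 4-7 are minor/major version, and major is >= 45.
        # Universal Mach-O: bytes 4-7 are a small architecture count.
        return "java-class" if struct.unpack(">I", head[4:8])[0] >= 45 else "mach-o"
    return "other"


def native_payloads(jar_bytes: bytes) -> dict:
    """Map entry name -> format for every native executable inside a JAR."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:  # a JAR is a ZIP archive
        for info in jar.infolist():
            with jar.open(info) as entry:
                kind = classify(entry.read(8))  # header only, never the whole entry
            if kind not in ("java-class", "other"):
                found[info.filename] = kind
    return found


def build_sample_jar() -> bytes:
    """Constructed test archive: entry names from the post, inert header bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("WebEnhancer.class", CAFEBABE + b"\x00\x00\x00\x32" + b"\x00" * 8)
        jar.writestr("win", b"MZ" + b"\x00" * 62)
        jar.writestr("mac", CAFEBABE + b"\x00\x00\x00\x02" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind in native_payloads(build_sample_jar()).items():
        print(f"{name}: {kind}")
```

The constructed mac entry uses the universal-binary header on purpose: it shares its first four bytes with every Java class, so a check that stops at the magic number would misfile it as harmless bytecode.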
“Morcut has kernel driver components to help it hide, a backdoor component which opens up your Mac to others on your network, a command-and-control component so it can accept remote instructions and adapt its behavior, data stealing code, and more,” says Sophos.com.
As far as threat levels and saturation go, Intego.com has “found samples of this malware on the VirusTotal website” but according to them, there hasn’t been a notable number of cases of this being found “in the wild” or on the average user’s computer at this time. Currently it is being listed as a “low risk” with TrendMicro.
A lot of Windows users may be used to these kinds of threats, and keeping up on them is second nature. Heck, the fact that no one is talking about this one except to note that it can infect Mac users tells you that. We run routine checkups and keep anti-virus programs running and updated, but this is a whole new thing for Mac users. While viruses and malware are not new, the widespread risk is. Normally the percentage of users was small enough that most code writers never bothered to target users of OS X and the like. That’s not the case anymore.
Apple and OS X use is on the rise and with that, users become a larger target. This latest threat just shows that code writers have discovered exploits and gained ease of access to impact users of both Windows and OS X operating systems simultaneously. Time to wake up, Apple customers. Start using anti-virus programs and malware blockers because these “Blackhats” are looking in your direction now, too.
Do you have any security practices you suggest specifically for Mac users? Will any of you Mac users be changing your habits with this new information, and if so, how? Let us know in the comments!