New Mac Malware Listens In On Your Skype Conversations
By: Zach Walton - July 26, 2012
The one thing I’ve always envied about Mac OS X is that it’s pretty immune to malware and viruses. It’s unfortunate then that the malware that does hit OS X tends to be bigger and badder than your usual malware attack. The latest attack is called OSX/Crisis and its target is your private information.
The guys over at Intego discovered OSX/Crisis on Tuesday and have since been investigating what it can do. In short, it’s a nasty piece of work that holds more surprises than initially thought. If you’ve just upgraded to Mountain Lion, you should be safe for now. OSX/Crisis only affects those on Snow Leopard or Lion at the moment.
So how does this malware get inside your Mac? It parades itself as a Java applet for Flash. The first warning sign is that Flash would not be installed by a Java applet. It will also come under the guise of just “adobe.jar”, which might indicate that it’s related to Photoshop or one of the other Creative Suite applications. It could be potentially damaging for those who don’t recognize .jar as a Java application.
Once inside your computer, this particular piece of malware will get to work on your communications. It will begin spying on your interactions in Adium, Skype, Microsoft Messenger and Firefox. After it has a foothold in these programs, the malware operator can do some pretty nasty stuff:
The malware is built upon a malware package sold in the U.S. and Europe for the purpose of government surveillance. While this particular Mac malware does spy on your conversations, it’s hard to believe that it’s being used by any government. At this point, it’s probably just a small team looking for financial information.
Regardless, it’s always best to protect yourself and your computer. Macs are not immune to malware and you should inspect every downloaded app with the utmost scrutiny. Be especially cautious around files with the .jar extension. The folks at Intego believe that OSX/Crisis can be installed through other means, but there has been no evidence of that yet. That’s why it’s best to just remain vigilant.