Mac security company Intego has discovered a new Trojan called “OSX/Crisis” (nice name). It works in OSX versions 10.6 (“Snow Leopard”) and 10.7 (“Lion”). There is no word on whether it works on 10.8 (“Mountain Lion”), which is available for purchase from the Mac App Store today.
The worrying feature of this Trojan is that it installs silently, without requiring a password. Intego says that the Trojan hasn’t been spotted in the wild yet and so is considered a low level threat.
Users of Intego’s VirusBarrier software are protected. It would appear that you can check whether you have been infected by looking for a specific folder that the Trojan installs:
- Go to the Finder.
- Select Go to Folder… from the Go menu.
- Type ‘/Library/ScriptingAdditions/appleHID/’ in the field labelled ‘Go to the folder:’.
- Click the Go button.
- If the Finder opens a folder of that name, you’re infected. When we get information on how to remove the Trojan (other than buying Intego’s VirusBarrier), we’ll post it here.
(Photo of viruses from www.digital-delight.ch.)