Just as Mac OS X Mountain Lion is going live, security firm Sophos has identified a nasty piece of Mac malware.
The malware, known as Crisis and Morcut, arrived via a file named “AdobeFlashPlayer.jar.” The “jar” in this case refers to “Java archive,” which is just a ZIP file by another name, according to Sophos. In this case, opening the file will unleash a .class file named WebEnhancer, and “two unassuming-looking files named win and mac.” The “mac” is an installer for Crisis or Morcut.
However, the good news is that the WebEnhancer applet will trigger a digital signature alert.
The researcher warns, though, that the malware doesn’t necessarily have to be delivered via a “.jar” file — that’s just the way it came about in this case. If you do download Morcut/Crisis, then beware. According to Sophos, “Morcut has kernel driver components to help it hide, a backdoor component which opens up your Mac to others on your network, a command-and-control component so it can accept remote instructions and adapt its behaviour, data stealing code, and more.”
Sophos warns Mac users not to assume that they’re safe from malware attacks. Indeed, such threats have been on the rise as the platform has grown in popularity. Another piece of advice is to uninstall Java if you don’t need it. “That leaves one less convenience for malware writers.”
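Because a JAR is a ZIP, the layout described above (WebEnhancer.class plus files named win and mac) can be listed without ever running it in Java. The following is an added triage example, not code from Sophos or the original article; the sample archive is constructed in memory, and its payload bytes are placeholder magic numbers, not the real files.

```python
import io
import zipfile

# Leading magic bytes for executable formats worth flagging inside an archive.
MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"\xca\xfe\xba\xbe": "Java class or Mach-O universal binary",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
}

def identify(head):
    """Return the format name for a known magic prefix, else None."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def triage_jar(data):
    """Read a JAR's entries as plain ZIP members; return (name, reason) findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            with jar.open(info) as fh:
                head = fh.read(4)
            name = info.filename
            if name.endswith(".class"):
                if not head.startswith(b"\xca\xfe\xba\xbe"):
                    findings.append((name, "class file without CAFEBABE magic"))
            elif identify(head):
                findings.append((name, f"embedded {identify(head)} outside a .class entry"))
    return findings

def build_sample():
    """Constructed sample mirroring the described layout; bytes are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("WebEnhancer.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        jar.writestr("win", b"MZ" + b"\x00" * 16)
        jar.writestr("mac", b"\xcf\xfa\xed\xfe" + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in triage_jar(build_sample()):
        print(f"{name}: {reason}")
```

Extensionless entries that begin with native-executable magic bytes have no ordinary reason to sit inside an applet archive, which is why they are reported.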
Original Article Link: http://mashable.com/2012/07/25/mac-malware-alert-mountain-lion/