also known as OSX/Morcut
- Trojan Horse
- Mac OS X
- Last updated: 02/09/16 9:14 pm
Crisis is a Trojan horse that creates a backdoor on infected systems. Also known as Morcut, Crisis was first discovered in 2012, with subsequent variants appearing in the years to follow.
Crisis comes in the form of an illegitimate Adobe Flash Player installer. If installed, Crisis takes steps to achieve persistence (the ability to survive reboots) and then performs several actions that depend on whether the Trojan was launched with administrative permissions. When launched from an admin user’s account, it installs a “rootkit”: specialized software designed to allow a third party to remotely control another computer without being detected. In all cases, the malware establishes a connection with a remote command and control server and checks in regularly to receive instructions.
Crisis has an impressive set of features, including the ability to conceal itself, collect user location data, take screenshots, and record audio and video. The Trojan only seems to affect older macOS versions, including 10.5 (Leopard), 10.6 (Snow Leopard), and 10.7 (Lion).
Crisis Threat Removal
MacScan can detect and remove the Crisis Trojan horse from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.