A new computer virus, called Crisis, targeting Apple Macs, has been discovered on the same day as Mac OS X Mountain Lion is launched.

Crisis/Morcut Malware

Once installed, the malware - also known as Morcut - can open your Mac up to other computers on your network, allow it to be contolled by a remote server and steal data from your computer.

Malware targeting the Mac OS X platform has been very rare until recently, but with the explosion in the popularity of Macs, and in particular Apple's laptops, cybercriminals now feel this platform is worth exploiting.

We recently saw the Flashback malware infect 600,000 Macs around the globe and now security company Sophos has discovered a new piece of malware targeting Apple's desktop software, on the same day as the company launches the latest version, called Mac OS X Mountain Lion.

The new malware is known variously as Morcut or Crisis and a sample was sent to SophosLabs recently. The company is still unpacking its features, but one of the most interesting things about it, is the way it is delivered.

The malware is downloaded in a file called AdobeFlashPlayer.jar. A JAR file, standing for Java Archive, is essentially a ZIP file for the Java platform. It contains all the programming libraries, configuration data, images and other supporting stuff a Java program needs.


Inside this malicious file is a .class file called WebEnhancer, which has nothing to do with web browsing, but is implemented as an applet, which is a special sort of Java program that runs inside a Java-enabled browser.

Also inside the malicious JAR file are files named win and mac which are the installers for Windows and Mac malware. This is an increasingly common phenomenon where a single malicious file is designed to be able to attack both Windows and Mac OS X-based computers.

Preliminary investigation has shown that the Morcut/Crisis malware has components to help it hide, a backdoor component which opens up your Mac to others on your network, a command-and-control component so it can accept remote instructions and adapt its behaviour, data stealing code, and more.

Sophos provides a free Anti-Virus for Mac Home Edition which doesn't feature any form of registration, password or expiry date.

While sales of Apple Macs remained stagnant in the last quarter at 4 million units, the release of Mac OS X Mountain Lion in conjunction with refreshed MacBook Airs and the next generation MacBook Pro with Retina Display will see a boost in sales in the current quarter - making the platform more appealing to cybercriminals.