New Mac malware discovered, hours before Mountain Lion release

Just hours before the release of Mountain Lion, the latest version of the OS X operating system, new malware has been discovered, highlighting the need for Apple Mac users to protect their computers with anti-virus software.

Sophos researchers have discovered that the new Morcut Mac OS X malware, also known as "Crisis", has been distributed as part of a multi-platform attack, designed to hit both Windows and Mac users - embedded in an archive file that pretends to be Adobe Flash Player.

The threat, which has not yet been seen in the wild, is complex - and when run on an OS X system, drops multiple components, reconfigures system settings and installs a backdoor and rootkit combination that connects to a remote server and waits for instructions from malicious hackers.

When run on Windows systems, a version of the Swizzor malware is installed instead.

"While analysis of this malware is ongoing, Mac users are protected if they are running a good, up-to-date anti-virus," says Brett Myroff, CEO of Sophos distributor, NetXactics.

"This threat has not been seen in the wild so far, but we are seeing increasing evidence of cyber criminals exploiting the fact that many Mac users still do not protect their computers. There is much less malware for Macs than there is for Windows, but that doesn't mean it's non-existent. If Mac users are too laid back about security, they are asking for trouble."

SophosLabs experts are continuing to analyse the Morcut malware, and warn that even if the threat does not break into the wild, the techniques it uses could be deployed by other malicious hackers in the future.

Sophos products detect the various components used in the attack as Troj/JVDrop-A, Mal/Swizzor-D and OSX/Morcut-A.

Sophos' anti-virus for Mac home users is available free from http://www.sophos.com/freemacav.