Clearly OSX/Morcut-A was created with spying in mind, as its code includes hooks to control/monitor the following operations:
- mouse coordinates
- instant messengers (for instance, Skype [including call data], Adium and MSN Messenger)
- internal webcam
- clipboard contents
- key presses
- running applications
- web URLs
- internal microphone
- calendar data & alerts
- device information
- address book contents
In short, if this malware managed to infect your Mac computer it could learn an awful lot about you, and potentially steal information which could read your private messages and conversations, and open your email and other online accounts.
Fortunately, we haven’t seen Morcut in the wild. At the moment the threat is low. However, the complexity of the malware is yet another indication that malware on the Mac is becoming more serious – and designed to make money at your expense.
Fortunately, if you are a home user, there is award-winning free anti-virus software for your Mac available. And yes, it works on Mountain Lion too. :)
By the way, if you’re curious about where the name “Crisis” came from, it’s a name which appears inside the malware’s code.
As far as we can tell, the author appears to have wanted his malware to be called “Crisis”.
However, there is some history and tradition in the computer security industry of not stroking the malware creator’s ego and deliberately ignoring their suggestion as to how their Trojan horse or virus should be named.
We’re delighted not to call the malware “Crisis”, but OSX/Morcut instead.Follow @gcluley
Webcam spying image from Shutterstock.