As more research goes into it, the Crisis/Morcut OS X malware is more than just a backdoor Trojan, researchers said.
The goal of the malware is to spy on the user, and it does so by monitoring mouse coordinates, instant messenger apps, the built-in webcam and microphone, clipboard contents, pressed keys, calendar data and alerts, address book contents, URLs visited by the user, said researchers at Sophos. It is a very thorough spying tool, they said.
The Trojan also persists after reboots, and keeps in touch with a remote servers for instructions and likely for the exfiltration of the collected information.
Researchers said they still don’t know if the Trojan, which affects the 10.6 and 10.7 versions of OS X, can penetrate the newly released OS X Mountain Lion.
There have been no incidents reported yet, and the signatures for detecting it are already in most Mac AV solutions.