As soon as the new version of MAC OS X version, Mountain Lion was released on the Mac App Store, a new malware also surfaced up. Named as OSX_MORCUT.A, the malware acts as a backdoor into the remote system and gives attackers remote access to the infected systems. The malware is also called ‘Crisis’ by some anti-virus software as the name appears inside the malware’s code. It is created with the motive of spying as it captures audio and video files from the user’s machine.

While most features of MORCUT are similar to backdoor malware, such as searching for files, checking for network connections, downloading and uploading files, executing commands on the affected machine, and uninstalling itself, what is quite peculiar to this malware is the ability to record audio files. This turns an infected Mac system into a surveillance device, trying to steal critical information. Besides recording audio files, the malware’s code includes hooks to control/monitor the following operations:

• mouse coordinates
• instant messengers (for instance, Skype [including call data], Adium and MSN Messenger)
• location
• internal webcam
• clipboard contents
• key presses
• running applications
• web URLs
• screenshots
• internal microphone
• calendar data & alerts
• device information
• address book contents

This clearly shows that MORCUT has been created for spying purpose and steal vital information from the infected computers. Not only this, there are several interesting things about this new malware. Though it surfaced along with the new version of Mac OS X–Mountain Lion, it does not work on it. Instead, it is compatible with only previous versions, including Leopard, Snow Leopard, and Lion. Not sure if this is intentional or some drawback, we are sure that some updates will be soon seen that will attempt to attack Mountain Lion as well.

Cyber threats and malware attacks are progressively expanding these days. Be home network or corporate, everyone is struggling with malware and virus attacks. A recent report by Lookingglass Cyber Solutions suggests that approximately 18 of world’s largest banks are operating with systems infected with serious malware, including Conficker, DNSChanger, and Gameover Zeus, BlackHole Exploit Kit, and Fake AV. Earlier this week, we got a Kindsight Security Labs report stating that about 14 percent of home networks got infected with malware in second quarter of this year. The same report also confirmed Flashback Trojan infecting thousands of Mac OS X systems. The Trojan infected approximately 10% of the home Mac users.