Intego, company that provides antivirus and security tools for Apple’s Mac operating system, announced yesterday that it uncovered a new Trojan that targets Mac OS X 10.6 Snow Leopard and Mac OS X 10.7 Lion. Intego named the newly discovered threat as OSX/Crisis and explained that it installs silently, without needing a password, and uses low-level system calls to hide its activities. The Trojan will remain on the system until it is removed; simply rebooting the system will not get rid of the threat.

OSX/Crisis, Intego added, is a dropper that creates a backdoor when it’s run. This backdoor component will attempt to contact the IP address 176.58.100.37 every 5 minutes; it does this in order to get instructions.

“Depending on whether or not the dropper runs on a user account with Admin permissions, it will install different components,” explained Intego’s Lysa Myers. “If the dropper runs on a system with Admin permissions, it will drop a rootkit to hide itself. In either case, it creates a number of files and folders to complete its tasks. It creates 17 files when it’s run with Admin permissions, 14 files when it’s run without,” Myers added.

The good news is that the OSX/Crisis Trojan has not been spotted in the wild and there are no reports of it infecting Mac OS X Snow Leopard or Lion users. For this reason Intego deemed this threat to be a low risk one.

To be safe, Intego updated its VirusBarrier X6 security solution so that it detects the OSX/Crisis Trojan. Or to put it in other words, definitions for the newly uncovered threat have been releases so that VirusBarrier X6 can detect and protect users from this threat. If you’re already using VirusBarrier X6, update the security solution as soon as possible to ensure your system is protected. If you’re not using VirusBarrier X6, it’s a good idea to start now. You can find out more about it here.