Calisto

Calisto is a trojan infecting devices running macOS. The trojan attempts to disguise itself as Intego's security solution for Mac and during the installation process, the user is prompted to agree to a license agreement. Once the user clicks "Agree", they will be prompted to enter their macOS credentials. At this point, the user receives an error message indicating the software was unable to be installed. In the background, the trojan continues to install and gains a foothold on the system. Calisto gathers information on the infected system and sends the data to it's command-and-control server, and enables remote access to the system and screen sharing. Calisto cannot, however, bypass Apple's System Integrity Protection (SIP); therefore, those with SIP enabled are protected against this trojan.

Reporting and Technical Details

  • IBM X-Force provides technical details on the Calisto trojan, here.
NJCCIC