MacNN | Report: new Mac malware hides as fake software installer
Mac News Network View: Standard | Headlines | Categorized | Slim
Mac News Network
Mac News iPod News Reviews Forums
 

Desktop Headlines
Report: new Mac malware hides as fake software installer
Wednesday, December 12, 2012 @ 1:50am

A Russian security firm with a mixed track record is warning about a new malware threat for the Mac, which masquerades as an installer for various types of software. Doctor Web, who claimed to have discovered the malware, says it is widely available on various sites -- though at present it is targeting Russian Mac users. The Trojan is apparently a Mac variation on a widespread Windows and Android trickware ruse that asks users for their cell number in order to send an activation code by SMS.



According to the report, the Trojan.SMSSend.3666 malware can be found in a repackaged installer from legitimate free software offerings, or can have non-functioning code as its payload. What the malware is after is the cell number, which must be entered to receive the "activation code," which is sent by SMS. When the software returns the activation code by SMS, the user is automatically signed up for an ongoing monthly subscription on their cell bill. The example provided by Doctor Web is an installer for VKMusic 4 Mac, a legitimate app for listening to music from a Russian social network. It is spread so far primarily by a rogue "affiliate program" company called ZipMonster that assists malware writers in monetizing their software. Most Mac users will be able to easily avoid falling for the trickware, should it spread to other regions. No legitimate installers for the Mac use the activation-by-SMS scheme in the installer, and most Mac users would know better than to give out their phone number to an untrusted software installer -- though apparently this practice is more common in the Android community, where apps can come from many sources other than just Google Play, and there is little screening of apps prior to being published. The installers also seem to refer to the Mac as the MAC, which is a common error made by Windows-centric programmers. The scheme is unlikely to work with most Mac users regardless of OS version, but in particular is likely to fail under OS X Mountain Lion and Lion, which sets a default Gatekeeper that prevents unsigned code from being executed. Developers must be registered with Apple, which most professional developers are, in order for installers to run in the default security settings. The controls can be overridden or turned off, but programs are also screened by built-in anti-malware software that is quietly updated. It's not known if Apple has taken any steps to detect and automatically protect from Trojan installers like this one. It can be reasonably expected that the malware makers will also try to perpetrate this scheme in the jailbroken iOS community, since jailbreakers are the only iOS users that can install software from non-Apple sources. Again, however, SMS-based activation is virtually unknown in the iOS world, so it's unlikely the rogue software will gain much of a foothold. In the meantime, however, any software that asks for a cell phone number on installation should be quit and deleted. The genuine VKMusic 4 Mac can be downloaded for free from the service's own website.

Comments on this Article
Print Friendly Version
Email to a Friend
Add MacNN to Your RSS Feeds
Buy from the Apple Store


Related Stories:

Most Recent Stories:

  • Samsung considering leadership change for declining mobile division - 1:13 AM EST
  • Hands On: Learn Guitar (iOS) - 9:24 PM EST
  • OnePlus One heading to Amazon in India, OnePlus store opening in China - 8:58 PM EST
  • Apple gadgets, accessories dominate Time's top 10 for 2014 - 7:55 PM EST
  • Briefly: Korean LG G3 gains Lollipop, More apps support Chromecast - 7:43 PM EST
  • Sony to pay, issue credit to PS Vita buyers to settle FTC claim - 4:09 PM EST
  • Forums: MacBook Pro vs. MacBook Air - 3:40 PM EST

    Today's iPodNN Stories:
  • Samsung considering leadership change for declining mobile division - 1:13 AM EST
  • OnePlus One heading to Amazon in India, OnePlus store opening in China - 8:58 PM EST
  • Briefly: Korean LG G3 gains Lollipop, More apps support Chromecast - 7:43 PM EST
  • Sony to pay, issue credit to PS Vita buyers to settle FTC claim - 4:09 PM EST
  • SolidRun commences pre-orders for CuBoxTV XBMC media center - 12:46 PM EST
  • No comments posted on this story yet. Please post yours.
    Your Comments
    In order to post comments, you must be a registered member of the MacNN Forums and logged in. Please login with your MacNN Forums username and password.

    MacNN Forums Login:

    MacNN Forums Password:

    Not a member of the MacNN forums? Register now for free.