A new piece of adware opens door to Trojans on OS X

Security researchers have discovered adware which affects OS X and could be used as a doorway for Trojans.

Researchers from Dr Web, a Russian anti-malware company, found a piece of adware, named Adware.Mac.WeDownload.1, with a modified version of Adobe Flash Player. The adware was discovered on a wedownload.com domain.

When the program is launched, Adware.Mac.WeDownload.1 asks the user for administrator privileges to install Flash Player, allowing it a great deal of control over the user's system.

It then sends requests to three command-and-control servers to get data for the application window. If the adware gets a response, it sends the servers a POST request with the downloader's data.

When this is done, Adware.Mac.WeDownload.1 will receive programs that may include malware. Dr Web lists these as including Program.Unwanted.MacKeeper, Mac.Trojan.Crossrider, Mac.Trojan.Genieo, Mac.BackDoor.OpinionSpy, various Trojans belonging to the Trojan.Conduit family and others.

According to Softpedia, a tech news outlet, “the type of applications a victim receives to install depends on their geographical coordinates, which is a twist in regular adware strategy, which usually tries to achieve a quota of installations before moving to the next malicious app in its queue”.
