More Mac DNS changing malware uncovered

Share this article:
A number of new DNS changing trojan variants are making the rounds on the Mac OS X, where they pose as legitimate software downloads, researchers said Monday.

Ivan Macalintal of anti-virus firm Trend Micro said Monday that he has recently discovered two new strains of the JAHLAV family of malware. In this case, the variants masquerade as a download for the Foxit Reader PDF viewer and several anti-virus products.

But if users click to download the bogus applications, they are hit with a trojan that enables attackers to change victims' DNS settings and redirect them any place on the web that they please, Macalintal told SCMagazineUS.com. That means bringing unsuspecting users to phishing sites or sites hosting additional exploits.

The new discoveries underscore the continued rising wave of Mac malware, especially threats posing as genuine software, he said.

"We can definitely say the myth of [the Mac OS X] being secure [from all threats] is out of the question these days," he said. "It's advisable for Mac users to not exactly be as paranoid as Windows users, but they should be on the safe side."

Most Mac DNS changing malware rests on software download and pornographic sites, Macalintal said. As such, users should avoid surfing to untrusted destinations on the web.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

RSA fraud report examines August phishing trends

Phishing is down 22 percent from July to August, but U.S. banks experienced an increase in phishing volume.

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.