More Mac DNS changing malware uncovered

Share this article:
A number of new DNS changing trojan variants are making the rounds on the Mac OS X, where they pose as legitimate software downloads, researchers said Monday.

Ivan Macalintal of anti-virus firm Trend Micro said Monday that he has recently discovered two new strains of the JAHLAV family of malware. In this case, the variants masquerade as a download for the Foxit Reader PDF viewer and several anti-virus products.

But if users click to download the bogus applications, they are hit with a trojan that enables attackers to change victims' DNS settings and redirect them any place on the web that they please, Macalintal told SCMagazineUS.com. That means bringing unsuspecting users to phishing sites or sites hosting additional exploits.

The new discoveries underscore the continued rising wave of Mac malware, especially threats posing as genuine software, he said.

"We can definitely say the myth of [the Mac OS X] being secure [from all threats] is out of the question these days," he said. "It's advisable for Mac users to not exactly be as paranoid as Windows users, but they should be on the safe side."

Most Mac DNS changing malware rests on software download and pornographic sites, Macalintal said. As such, users should avoid surfing to untrusted destinations on the web.

Share this article:

Sign up to our newsletters

More in News

New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.