More Mac DNS changing malware uncovered

Share this article:
A number of new DNS changing trojan variants are making the rounds on the Mac OS X, where they pose as legitimate software downloads, researchers said Monday.

Ivan Macalintal of anti-virus firm Trend Micro said Monday that he has recently discovered two new strains of the JAHLAV family of malware. In this case, the variants masquerade as a download for the Foxit Reader PDF viewer and several anti-virus products.

But if users click to download the bogus applications, they are hit with a trojan that enables attackers to change victims' DNS settings and redirect them any place on the web that they please, Macalintal told SCMagazineUS.com. That means bringing unsuspecting users to phishing sites or sites hosting additional exploits.

The new discoveries underscore the continued rising wave of Mac malware, especially threats posing as genuine software, he said.

"We can definitely say the myth of [the Mac OS X] being secure [from all threats] is out of the question these days," he said. "It's advisable for Mac users to not exactly be as paranoid as Windows users, but they should be on the safe side."

Most Mac DNS changing malware rests on software download and pornographic sites, Macalintal said. As such, users should avoid surfing to untrusted destinations on the web.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: Stolen card data is crime that concerns Americans most

A recent Gallup Crime poll indicates that Americans' top two worries revolve around having credit card data stolen or their computer or smartphones compromised.

Pirate Bay co-founder found guilty for hacking IT service provider

Gottfrid Svartholm Warg was found guilty of hacking an IT service provider in Denmark. This is his second court case for illegally accessing data.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 ...

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.