More Mac DNS changing malware uncovered

A number of new DNS-changing trojan variants are making the rounds on Mac OS X, where they pose as legitimate software downloads, researchers said Monday.

Ivan Macalintal of anti-virus firm Trend Micro said Monday that he has recently discovered two new strains of the JAHLAV family of malware. In this case, the variants masquerade as a download for the Foxit Reader PDF viewer and several anti-virus products.

But if users click to download the bogus applications, they are hit with a trojan that enables attackers to change victims' DNS settings and redirect them to any place on the web they please, Macalintal told SCMagazineUS.com. That means bringing unsuspecting users to phishing sites or sites hosting additional exploits.

The new discoveries underscore the continued rising wave of Mac malware, especially threats posing as genuine software, he said.

"We can definitely say the myth of [the Mac OS X] being secure [from all threats] is out of the question these days," he said. "It's advisable for Mac users to not exactly be as paranoid as Windows users, but they should be on the safe side."

Most Mac DNS-changing malware resides on software download and pornographic sites, Macalintal said. As such, users should avoid surfing to untrusted destinations on the web.
