Ivan Macalintal of anti-virus firm Trend Micro said Monday that he has recently discovered two new strains of the JAHLAV family of malware. In this case, the variants masquerade as a download for the Foxit Reader PDF viewer and several anti-virus products.
But if users click to download the bogus applications, they are hit with a trojan that enables attackers to change victims' DNS settings and redirect them any place on the web that they please, Macalintal told SCMagazineUS.com. That means bringing unsuspecting users to phishing sites or sites hosting additional exploits.
The new discoveries underscore the continued rising wave of Mac malware, especially threats posing as genuine software, he said.
"We can definitely say the myth of [the Mac OS X] being secure [from all threats] is out of the question these days," he said. "It's advisable for Mac users to not exactly be as paranoid as Windows users, but they should be on the safe side."
Most Mac DNS changing malware rests on software download and pornographic sites, Macalintal said. As such, users should avoid surfing to untrusted destinations on the web.