
Trojan targets Mac users

Apple users, your days of worry-free web surfing could be numbered. A Mac internet security and privacy software maker has discovered what is believed to be the first professionally crafted in-the-wild malware targeting the Mac operating system.

The trojan, a DNS changer that can be used to hijack search results and divert traffic to a website of the hacker's choosing, has been spotted on numerous pornography sites, according to Intego. Attackers have attempted to steer users to the malicious sites through comment spam posted to Mac forums. The trojan masks itself as a QuickTime plug-in.

Security experts said the discovery is proof that cybercriminals are beginning to consider the Mac a financially viable vector for attack. Alex Eckelberry, president of Sunbelt Software, said hackers likely were spurred on by the release of the iPhone and iPod Touch, which generated millions of new Mac OS X users.

"The economic motivation for the Mac has reached the tipping point," he told today. "The Mac is emerging as a more widespread platform in general. I think Mac users need to get off their complacency about Macs being safe."

According to Intego, the trojan masks itself as a link to download a new version of a codec, which claims to allow victims to view porn movies. If users try to download the codec, a page loads, and if they have checked "Open safe files after downloading" in Safari's general preferences, the "install" function will launch and the trojan can be downloaded.

Once running, the trojan will change the Mac's DNS server settings to allow attackers to hijack web requests and attempt to lead users to phishing sites posing as popular destinations such as eBay and PayPal, according to Intego.
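A defender-side check for the DNS change described above, as an added example that is not part of the original article: it parses resolver addresses from text in the layout of macOS `scutil --dns` output and reports any that fall outside an expected set. The sample output and the expected resolver ranges are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout printed by macOS `scutil --dns`.
# 203.0.113.0/24 is a documentation range standing in for rogue resolvers.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : home.example
  nameserver[0] : 203.0.113.53
  nameserver[1] : 203.0.113.54
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 4 (en0)
"""

# Assumption: the resolver ranges this network is supposed to hand out.
EXPECTED_RESOLVERS = ["192.168.1.0/24", "2001:db8:53::/48"]
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$")

def configured_nameservers(scutil_output):
    """Return the unique resolver addresses, in order of appearance."""
    servers = []
    for line in scutil_output.splitlines():
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        try:
            # Drop an IPv6 scope suffix such as fe80::1%en0 before parsing.
            ip = ipaddress.ip_address(match.group(1).split("%")[0])
        except ValueError:
            continue  # not an address; ignore the line
        if ip not in servers:
            servers.append(ip)
    return servers

def unexpected_nameservers(scutil_output, expected=EXPECTED_RESOLVERS):
    """Return resolvers that are outside every expected network."""
    nets = [ipaddress.ip_network(n) for n in expected]
    return [str(ip) for ip in configured_nameservers(scutil_output)
            if not any(ip.version == n.version and ip in n for n in nets)]
```

On a Mac, the text passed in would be the captured output of `scutil --dns`; any address returned is a resolver the machine is using that the network did not assign.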

None of 31 anti-virus engines analyzed by Virustotal detected the malware, Eckelberry said on his blog.

He told that similar threats are on the horizon.

"It is the start of something," Eckelberry said.

Last year a proof-of-concept virus appeared that spreads via the iChat instant messaging system.

An Apple spokeswoman did not return a call for comment.
