A purported spyware application bundled with roughly 30 Mac third-party screensavers is back active after its maker temporarily stopped distributing it.
The software, dubbed OSX/OpinionSpy by Mac security firm Intego, is rated high-risk because it scans files, records user activity and sends that information back to remote servers via a backdoor. Officially known as PremierOpinion, the software is not initially contained in the screensavers but downloaded during installation.
"The malware, a version of which has existed for Windows since 2008, claims to collect browsing and purchasing information that is used in market reports," an Intego blog post said. "However, this program goes much further, performing a number of insidious actions, which have led Intego to classify it as spyware."
Specifically, Intego said, the software runs as root and asks for the administrator's password, opens a backdoor on the victim machine, scans the entire computer, sends data back to servers and upgrades itself automatically, without any user intervention.
"Users have no way of knowing exactly what data is collected and sent to remote servers," the Intego post said. "Such data may include usernames, passwords, credit card numbers and more. The risk of this data being collected and used without users' permission makes this spyware particularly dangerous to users' privacy."
Roman Rusavsky of 7art-screensavers.com, which distributes the screensavers, denied that the company was distributing spyware and said Intego is simply looking to market its anti-virus offerings.
Users can still get the screensaver without installing PremierOpinion, Rusavsky said. The company temporarily removed the software while its disclosure screen was updated to include a link to the license agreement of Premier Opinion, a subsidiary of comScore, a marketing research company.
Intego officials weren't happy to see it return.
"This is especially dishonest," the company said in a Friday blog. "In the first place, distributing spyware is reprehensible, but then pretending to want to placate Mac users by claiming to remove the spyware is doubly so.