Low-risk Mac Trojan poses as legit media downloader
A new Trojan that targets Apple's OS X platform poses as a legitimate application that can be used to download audio and video.
This week security firm Intego warned users about the new Trojan, which it considers to be a "low-risk" threat. The Trojan disguises itself as VKMusic App, which, in its legitimate form, is used to download audio and video from sites like YouTube and Vimeo.
The Trojanized app bundle is a large 48-megabyte download padded with extraneous zeroes to reach that file size. The threat is considered low-risk because users must install it, enter their mobile phone number, and then reply to an SMS text with a confirmation code.
The threat, identified as OSX/SMSMonster.A, is blocked by Apple's Gatekeeper, built into OS X 10.8 Mountain Lion, as well as by Intego's VirusBarrier X6.
Comments
Hey, I get to repeat an old adage!
"If it can't be played by QuickTime or VLC, it isn't worth watching."
is blocked by Apple's Gatekeeper
This is the state of Apple malware: it's too stupid to even get past the company's passive barriers.
Quote:
Originally Posted by Tallest Skil
Hey, I get to repeat an old adage!
"If it can't be played by QuickTime or VLC, it isn't worth watching."
This is the state of Apple malware: it's too stupid to even get past the company's passive barriers.
On the contrary, very smart.
They knew that Apple would likely sort out that the software wasn't what they said and reject it. So they gambled on enough folks not having the whole "app store and certificates only" on or being stupid enough to override the block and install it anyway.
And they are likely right and will get enough verified mobile numbers to make the attempt worth it. Just like the folks phishing for credit cards with the whole MacProtector crap.
Originally Posted by charlituna
They knew that Apple would likely sort out that the software wasn't what they said and reject it. So they gambled on enough folks not having the whole "app store and certificates only" on or being stupid enough to override the block and install it anyway.
That's on by default. Meaning you have to be smart enough to turn it off for this to affect you, meaning you're smart enough not to install it.
Originally Posted by Phone-UI-Guy
And to think that you don't even need an app to pull videos off of YouTube. You only need an iOS user agent and a docklet to grab the stream and save it to a file.
Or Click2Flash and something that can right-click.