Low-risk Mac Trojan poses as legit media downloader

Posted in macOS; edited January 2014
A new Trojan that targets Apple's OS X platform poses as a legitimate application that can be used to download audio and video.

This week security firm Intego warned users about the new Trojan, which it considers to be a "low-risk" threat. The Trojan disguises itself as VKMusic App, which, in its legitimate form, is used to download audio and video from sites like YouTube and Vimeo.

The Trojanized app bundle is a large 48-megabyte download padded with extraneous zeroes to reach that file size. The threat is considered low-risk because users must install it, enter their mobile phone number, and then reply to an SMS text with a confirmation code.

The threat, identified as OSX/SMSMonster.A, is blocked by Apple's Gatekeeper, built into OS X 10.8 Mountain Lion, as well as by Intego's VirusBarrier X6.

Comments

  • Reply 1 of 5

    Hey, I get to repeat an old adage!

    "If it can't be played by QuickTime or VLC, it isn't worth watching."

    is blocked by Apple's Gatekeeper

    This is the state of Apple malware: it's too stupid to even get past the company's passive barriers.

  • Reply 2 of 5

    Quote:

    Originally Posted by Tallest Skil

    Hey, I get to repeat an old adage!

    "If it can't be played by QuickTime or VLC, it isn't worth watching."

    This is the state of Apple malware: it's too stupid to even get past the company's passive barriers.

    On the contrary, very smart.

    They knew that Apple would likely sort out that the software wasn't what they said and reject it. So they gambled on enough folks not having the whole "app store and certificates only" on or being stupid enough to override the block and install it anyway.

    And they are likely right and will get enough verified mobile numbers to make the attempt worth it. Just like the folks phishing for credit cards with the whole MacProtector crap.

  • Reply 3 of 5

    Originally Posted by charlituna

    They knew that Apple would likely sort out that the software wasn't what they said and reject it. So they gambled on enough folks not having the whole "app store and certificates only" on or being stupid enough to override the block and install it anyway.

    That's on by default. Meaning you have to be smart enough to turn it off for this to affect you, meaning you're smart enough not to install it.

  • Reply 4 of 5
    And to think that you don't even need an app to pull videos off of youtube. You only need an iOS user agent and a docklet to grab the stream and save it to a file. :)
  • Reply 5 of 5

    Originally Posted by Phone-UI-Guy

    And to think that you don't even need an app to pull videos off of youtube. You only need an iOS user agent and a docklet to grab the stream and save it to a file. :)

    Or Click2Flash and something that can right-click.
