First fake-installer Trojan for OS X spotted in the wild

December 12, 2012, 4:30 PM

Mac OS X users don't typically have to worry about malicious software, but with the platform’s popularity on the rise we’re starting to see more and more malware targeting Apple’s operating system. Just this week researchers at Russian anti-virus company Doctor Web discovered what they believe is the first fake installer for OS X, which disguises itself as the installer for a popular Russian application called VKMusic4, and attempts to monetize the attack by having users enter their mobile phone numbers for the purpose of “activation.”

Upon receiving the code by SMS, users will be able to ‘activate’ the software and finish the installation, though in some cases the installer might not work at all. In either case, what they’ll find out later is that messages keep coming on a regular basis, and a fee is debited from their mobile phone account each time.

The attack in question is dubbed Trojan.SMSSend.3666 and is being distributed under a rogue affiliate program known as ZipMonster that helps fraudsters craft fake installers and monetize their attacks.

Though it may be obvious to anyone who knows their way around a computer, the best defense against these types of scams is to download software only from trusted sources or from the developers themselves. There’s no mention of whether Lion and Mountain Lion’s Gatekeeper is able to stop the installer in its tracks, though it should, since the default setting prevents unsigned code from being executed.




User Comments: 7

cliffordcooley, TechSpot Paladin, said:

I'm not a Mac user but I wouldn't wish this crap on anyone. What I do wish for is the creator of this virus to choke on their food tonight.

Guest said:

Those who first start to sell "cure" for this "trojan" are most likely the ones who made them actually!

9Nails, TechSpot Paladin, said:

SMS-based fees are totally bogus. I wonder if there's a way to prevent such activities?

PinothyJ said:

Those who first start to sell "cure" for this "trojan" are most likely the ones who made them actually!

Proof or GTFO...

jobeard, TS Ambassador, said:

Proof or GTFO...

Take it easy - he's allowed his opinion just as you are. That line of reasoning has been with PCs since the first A/V software arrived and has good empirical data (e.g. how to find, work out a fix and get it distributed in one-two days if one is not familiar with the details in the first place? Yeah, we all know about boy wonders and how good they are - but the implications are irresistible.)

SMS-based fees are totally bogus. I wonder if there's a way to prevent such activities?

Personally, I disdain an installer that needs another medium to get the product installed/activated.

When you're on a PC, there are sufficient means to complete any task - same when you're on your cellphone. When / If I see this behavior, I abort the install and look for another product.

RubinOnRye said:

Those who first start to sell "cure" for this "trojan" are most likely the ones who made them actually!

Proof or GTFO...

Wow, you're retarded. He didn't state a fact but rather an opinion. Chill out, dude.

Guest said:

Will the TechSpot forum also open tech support/malware removal for users with infected Macs? :)
