Skip to main content

trojan

See All Stories

Mac-specific trojan injects ads into webpages – including Apple’s site

Site default logo image

TNW reported on a new trojan discovered by Russian website Doctor Web that installs adware on Macs running all three of most popular browsers: Safari, Firefox and Chrome. Doctor Web demonstrated that the Trojan.Yontoo.1 plugin can display ads on any site by showing it in action on Apple’s own website.

Yontoo5-730x401

Many Mac owners still believe that OS X is immune to viruses and trojans. While it’s true the platform is well protected, a large part of the relative immunity enjoyed by Mac owners has simply been down to blackhat economics: when there were many more Windows machines around than Macs, it was less worthwhile for attackers to target Macs. As the popularity of Macs has grown, however, the platform has made an increasingly attractive target.

The trojan cannot install itself and instead relies on tricking users into downloading and installing it.

This particular trojan can get onto your Mac in multiple ways. Criminals have so far used movie trailer pages that prompt users to install a browser plugin, a media player, a video quality enhancement program, or a download accelerator. In other words, the usual schemes we’ve seen on Windows.

Once installed, the plugin sends details of the webpages you visit back to a server controlled by the bad guys and uses that info to insert relevant ads. The Apple example above shows just how slickly this can be done. On a less-familiar site, a visitor could easily see the ad as part of the site.

As ever, the advice here is to only ever download known plugins from the official sites. Never accept an invitation to download anything from a website unless you know it to be a site you can trust. We’d be surprised if many 9to5Mac readers fell victim to this, but if you have family members using your Mac who might not be as careful, Intego VirusBarrier has updated its definitions to include it.

Site default logo image

Apple updates OS X malware definitions for new fake-installer/SMS trojan

SMSSend.3666

MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as “TrojanSMSSend.3666”, Apple has now updated its “Xprotect.plist” blacklist to allow OS X to detect and alert the user if downloaded:

Apple has moved quickly to address the threat, adding definitions for the malware to its “Xprotect.plist” blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users’ systems updated.

Site default logo image

Apple softens its language on Virus susceptibility in wake of Flashback trojan

After Apple released a patch to a Java vulnerability that lead to the infection of roughly 600,000 Macs with the Flashback Trojan earlier this year, there were claims weeks later from security researchers that hundreds of thousands of Macs were still infected. Kaspersky’s CEO claimed Apple is “now entering the same world as Microsoft has been in for more than 10 years.” Now, as noted by PCWorld, Apple appears to be publicly changing its longstanding stance that “it doesn’t get PC viruses.” The statement on Apple’s “Why you’ll love a Mac” website now reads: “It’s built to be safe” (as you can see in the comparison screenshots above).

Another statement on the website switched from “Safeguard your data. By doing nothing” to “It’s built to be safe.” Following the Flashback incident, Kaspersky claimed in April that Apple is “ten years behind Microsoft in terms of security,” and he “expects to see more and more” malware on Macs.

Cyber criminals have now recognised that Mac is an interesting area. Now we have more, it’s not just Flashback or Flashfake. Welcome to Microsoft’s world, Mac. It’s full of malware….Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on,” he added. “We now expect to see more and more because cyber criminals learn from success and this was the first successful one…. They will understand very soon that they have the same problems Microsoft had ten or 12 years ago”