Mac users hit with fake installer and SMS fraud
Posted on 13.12.2012
Malicious installers of the Trojan.SMSSend malware family have, until now, targeted Windows users, but researchers from Russian security company Doctor Web have now unearthed a new variant aimed specifically at Mac users.

This new variant mimics the behavior of previous ones. After getting downloaded and run by the victims who believe they are about to install legitimate software - in this case VKMusic 4 for Mac - the malware presents to them what seems to be a typical installation wizard.

To activate the software, users are urged to enter their mobile phone number, click on the "Send me an SMS" button, then enter the code they receive via SMS into the appropriate field (click on the screenshot to enlarge it):

"But by performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis. Such installers usually contain meaningless data or the programs they are supposed to install, which in fact can be downloaded from official sites of their developers free of charge," Dr. Web researchers explain the scheme, and warn users to be wary of installing programs that require them to enter their phone number or send a text message.

As a side note that will be interesting to other malware researchers, the malicious installer has been created with and is being distributed via ZipMonster, a well-known Russian-language affiliate program.

UPDATE: Apple has added the definitions for the Trojan.SMSSend.3666 to its "Xprotect.plist" blacklist. OS X malware tools are updated daily, so the majority of users is now protected from this Trojan variant.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th