Mac users hit with fake installer and SMS fraud
Posted on 13.12.2012
Malicious installers of the Trojan.SMSSend malware family have, until now, targeted Windows users, but researchers from Russian security company Doctor Web have now unearthed a new variant aimed specifically at Mac users.

This new variant mimics the behavior of previous ones. After getting downloaded and run by the victims who believe they are about to install legitimate software - in this case VKMusic 4 for Mac - the malware presents to them what seems to be a typical installation wizard.

To activate the software, users are urged to enter their mobile phone number, click on the "Send me an SMS" button, then enter the code they receive via SMS into the appropriate field (click on the screenshot to enlarge it):

"But by performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis. Such installers usually contain meaningless data or the programs they are supposed to install, which in fact can be downloaded from official sites of their developers free of charge," Dr. Web researchers explain the scheme, and warn users to be wary of installing programs that require them to enter their phone number or send a text message.

As a side note that will be interesting to other malware researchers, the malicious installer has been created with and is being distributed via ZipMonster, a well-known Russian-language affiliate program.

UPDATE: Apple has added the definitions for the Trojan.SMSSend.3666 to its "Xprotect.plist" blacklist. OS X malware tools are updated daily, so the majority of users is now protected from this Trojan variant.


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Dec 18th