Mac users hit with fake installer and SMS fraud
Posted on 13.12.2012
Malicious installers of the Trojan.SMSSend malware family have, until now, targeted Windows users, but researchers from Russian security company Doctor Web have now unearthed a new variant aimed specifically at Mac users.

This new variant mimics the behavior of previous ones. After getting downloaded and run by the victims who believe they are about to install legitimate software - in this case VKMusic 4 for Mac - the malware presents to them what seems to be a typical installation wizard.

To activate the software, users are urged to enter their mobile phone number, click on the "Send me an SMS" button, then enter the code they receive via SMS into the appropriate field (click on the screenshot to enlarge it):

"But by performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis. Such installers usually contain meaningless data or the programs they are supposed to install, which in fact can be downloaded from official sites of their developers free of charge," Dr. Web researchers explain the scheme, and warn users to be wary of installing programs that require them to enter their phone number or send a text message.

As a side note that will be interesting to other malware researchers, the malicious installer has been created with and is being distributed via ZipMonster, a well-known Russian-language affiliate program.

UPDATE: Apple has added the definitions for the Trojan.SMSSend.3666 to its "Xprotect.plist" blacklist. OS X malware tools are updated daily, so the majority of users is now protected from this Trojan variant.


Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 31st