MAC OS X Trojan spotted in the wild

First fake-installer Trojan for OS X spotted in the wild

Mac OS X users don't typically have to worry about malicious software, but with the platform’s popularity on the rise we’re starting to see more and more malware targeting Apple’s operating system. Just this week researchers at Russian anti-virus company Doctor Web discovered what they believe is the first fake installer for OS X, which disguises itself as the installer for a popular Russian application called VKMusic4, and attempts to monetize the attack by having users enter their mobile phone numbers for the purpose of “activation.”


Indeed, upon receiving the code by SMS users will be able to ‘activate’ the software and finish the installation, or in some cases the installer might not work at all. In either case what they’ll find out later is that messages will keep coming on a regular basis and a fee will be debited each time from their mobile phone accounts.

The attack in question is dubbed Trojan.SMSSend.3666 and is being distributed under a rogue affiliate program known as ZipMonster that helps fraudsters craft fake installers and monetize their attacks.


Though it may be obvious to anyone who knows its way around a computer, the best defense from these types of scams is to always download software only from trusted sources or from the developers themselves. There’s no mention of whether Lion and Mountain Lion’s Gatekeeper is able stop the installer in its tracks, though it should be the case with the default setting preventing unsigned code from being executed.