First fake-installer Trojan for OS X spotted in the wild
Indeed, upon receiving the code by SMS users will be able to ‘activate’ the software and finish the installation, or in some cases the installer might not work at all. In either case what they’ll find out later is that messages will keep coming on a regular basis and a fee will be debited each time from their mobile phone accounts.
The attack in question is dubbed Trojan.SMSSend.3666 and is being distributed under a rogue affiliate program known as ZipMonster that helps fraudsters craft fake installers and monetize their attacks.
Though it may be obvious to anyone who knows its way around a computer, the best defense from these types of scams is to always download software only from trusted sources or from the developers themselves. There’s no mention of whether Lion and Mountain Lion’s Gatekeeper is able stop the installer in its tracks, though it should be the case with the default setting preventing unsigned code from being executed.