Mac OS X: Vulnerable to new Trojans

One of the great myths about Mac OS X is that it's invulnerable to malware. But two pieces of malware making the rounds show that certainly isn't the case. One reason the Mac has been safer than PCs in the past is that Windows has so much more market share. But now that the Mac is gaining in popularity, expect Mac-based malware to increase as well.

One of the new pieces of malware is a Trojan called OSX.RSPlug.D. The security vendor who discovered it, Intego, says it is much like a previous Trojan, but has a new installer. What's particularly dangerous is that this new installer may be used to inject other malware into Mac machines in the future. the Intego security memo about it notes:

A Trojan horse, its installer is different: it is a downloader, and it contacts a remote server to download the files it installs. This means that, in the future, the downloader may be able to install other payloads than the one it currently installs.

For details, see this security memo from Intego.

The new Trojan is found on pornographic Web sites. It tricks users into downloading it by telling them they need a codec to play a video file. Then it installs malicious software called DNSChanger, which hijacks Internet traffic to a DNS server, which sends Mac users to phishing sites or to pages that display ads.

Intego also warns that a new hacker tool has been released that can create Trojans for Macs. It's called OSX.TrojanKit.Malez. Here's what Intego says about it:

This hacker tool can be used to create a “backdoor” on a Mac OS X computer. This backdoor then gives a hacker remote access to the computer. The code is added to an unsigned third-party application that is installed manually on a Mac, and, when the application is run, the backdoor is activated.

For details, see this Intego security memo.

Apple hasn't reacted particularly quickly when it comes to online threats, possibly because Macs haven't been targeted much in the past. For example, last week, Safari was finally given an anti-phishing feature, the last browser to get it.

It's time for Apple to fixing vulnerabilities more quickly. The more Apple succeeds in gaining market share, the more that Macs will be targeted.

Preston Gralla is a contributing editor for Computerworld, and the author of more than 35 books.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon