updated 12:05 pm EDT, Thu June 11, 2009
New Mac malware circulates
A new piece of Mac-targeted malware has entered the wild, say security researchers with ParetoLogic. Dubbed OSX/Jahlav-C, the software is currently associated with a website called PornTube, and is described as a Trojan concealing itself as an ActiveX object needed to run video. The approach is somewhat unusual in that ActiveX is uniquely associated with Windows, and therefore less likely to deceive a Mac user.
Should a PornTube visitor agree to install the object, an "AdobeFlash" shell script file is created in a Mac's /Library/Internet Plug-Ins folder. The file is set to execute periodically, and contains a shell script with a Perl script buried inside. The Perl code in turn communicates with a distant website, downloading data for malicious purposes. Other files associated with the Trojan include: HDTVPlayerv3.5.dmg, VideoCodec.dmg, FlashPlayer.dmg, MacTubePlayer.dmg, macvideo.dmg, License.v.3.413.dmg, play-video.dmg and QuickTime.dmg.
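A defender's triage check built from the artifacts named above, as an added example (not code from ParetoLogic or from this article). The function names, output labels, the `ROOT` and download-directory parameters, and the `perl` string heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: looks for the OSX/Jahlav-C artifacts the article lists.
# Disk image names exactly as given in the article.
JAHLAV_DMGS="HDTVPlayerv3.5.dmg VideoCodec.dmg FlashPlayer.dmg MacTubePlayer.dmg macvideo.dmg License.v.3.413.dmg play-video.dmg QuickTime.dmg"

# is_script FILE: true when FILE is a regular file that starts with "#!".
# A genuine browser plug-in is a bundle (directory) or binary, not a script.
is_script() {
    [ -f "$1" ] || return 1
    [ "$(head -c 2 "$1" 2>/dev/null)" = "#!" ]
}

# jahlav_scan ROOT [DOWNLOAD_DIR...]
# ROOT is the volume root: "/" on a live system, or a mounted disk image.
# Prints one finding per line and nothing when the checks come back clean.
jahlav_scan() {
    root=${1%/}; shift
    plugin="$root/Library/Internet Plug-Ins/AdobeFlash"
    if is_script "$plugin"; then
        echo "SCRIPT_PLUGIN $plugin"
        # Heuristic (assumption): the article says Perl is buried in the script.
        if grep -qi 'perl' "$plugin" 2>/dev/null; then
            echo "EMBEDDED_PERL $plugin"
        fi
    fi
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $JAHLAV_DMGS; do
            # -iname because the default Mac file system ignores case.
            find "$dir" -type f -iname "$name" 2>/dev/null |
                while IFS= read -r hit; do echo "DMG_NAME $hit"; done
        done
    done
    return 0
}

# Example call on a live system:
#   jahlav_scan / "$HOME/Downloads" "$HOME/Desktop"
```

A `DMG_NAME` hit is only a triage lead, since generic names such as QuickTime.dmg or FlashPlayer.dmg can collide with legitimate downloads; a `SCRIPT_PLUGIN` hit is the stronger signal.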
While malware remains uncommon on the Mac, Apple has had to stray from assertions that the platform is effectively immune to problems experienced by Windows users. A high-profile Trojan released this year has been tied to pirated copies of iWork and Photoshop, and it is believed that more malware will debut as Macs gain popularity. Hackers are known to target common platforms for the widest possible impact.