Code attaches to files at legitimate websites

(Updated with list of affected apps) A new piece of spyware is targeting Mac users through downloaded apps, warns security firm Intego. Dubbed "OSX/OpinionSpy," the code is said to be attached to programs like screensavers, found at otherwise legitimate download sites like MacUpdate, VersionTracker and Softpedia. Only when a person tries to install an affected app is the separate spyware actually downloaded, in some cases under the guise of being a "market research" tool.

The code attempts to run as root, asking for an administrator's password. If granted access, the spyware will then open an HTTP backdoor, and perform a long scan of any and all files, including those on network volumes. It also tracks incoming and outgoing network packets, and steals information from Safari, Firefox and iChat. The collected data is sent to remote servers, potentially exposing all of a person's private details, such as passwords and credit card numbers.

On top of this the code will occasionally prompt people to enter data voluntarily, for instance by filling out a survey. OpinionSpy can ultimately break a Mac, forcing a user to reboot his computer while still suffering from the infection. Deleting the program the spyware is associated with does not remove the latter.

Intego remarks that a Windows version of OpinionSpy has existed since 2008, but that the Mac version appears to be a more serious threat. People are urged to update their antivirus software as soon as possible, and turn on real-time scanning, which should be able to detect the spyware's download. Tools that can successfully spot OpinionSpy should be able to eliminate it.

Update: Intego has supplied what it calls a "preliminary" list of contaminated apps. All but one, MishInc FLV To Mp3, are made by a company called 7art-screensavers. A list of titles can be found below.

• Secret Land ScreenSaver v.2.8
• Color Therapy Clock ScreenSaver v.2.8
• 7art Foliage Clock ScreenSaver v.2.8
• Nature Harmony Clock ScreenSaver v.2.8
• Fiesta Clock ScreenSaver v.2.8
• Fractal Sun Clock ScreenSaver v.2.8
• Full Moon Clock ScreenSaver v.2.8
• Sky Flight Clock ScreenSaver v.2.8
• Sunny Bubbles Clock ScreenSaver v.2.9
• Everlasting Flowering Clock ScreenSaver v.2.8
• Magic Forest Clock ScreenSaver v.2.8
• Freezelight Clock ScreenSaver v.2.9
• Precious Stone Clock ScreenSaver v.2.8
• Silver Snow Clock ScreenSaver v.2.8
• Water Color Clock ScreenSaver v.2.8
• Love Dance Clock ScreenSaver v.2.8
• Galaxy Rhythm Clock ScreenSaver v.2.8
• 7art Eternal Love Clock ScreenSaver v.2.8
• Fire Element Clock ScreenSaver v.2.8
• Water Element Clock ScreenSaver v.2.8
• Emerald Clock ScreenSaver v.2.8
• Radiating Clock ScreenSaver v.2.8
• Rocket Clock ScreenSaver v.2.8
• Serenity Clock ScreenSaver v.2.8
• Gravity Free Clock ScreenSaver v.2.8
• Crystal Clock ScreenSaver v.2.6
• One World Clock ScreenSaver v.2.8
• Sky Watch ScreenSaver v.2.8
• Lighthouse Clock ScreenSaver v.2.8

by MacNN Staff