10/31, 9:05pm
Steals GPU time, tries to capture passwords, more
Anti-malware makers Sophos and Intego have warned of a new Mac OS X Trojan Horse that hides inside pirated software, specifically GraphicConverter v7.4. The malware, known as OSX/Miner-D or "DevilRobber," steals GPU time to generate counterfeit Bitcoins (part of an anonymous digital cash system) and also attempts to steal usernames and passwords through periodic screen captures. It also sends information about the Mac's security setup and browsing history to a remote server.
10/12, 6:35pm
Users should be wary of any Flash update
Another malware installer for OS X has appeared, this time a variation on one spotted several weeks ago that masquerades as an installer for Adobe Flash, with the ultimate goal of stealing personal information from browsers and sending it to remote servers. While the latest version has several dead giveaways for savvy users, non-technical Mac users should be wary of any Adobe Flash "updater" they did not personally download from Adobe's own servers.
12/29, 5:40am
Google TV and social media also prime targets
The McAfee Threat Predictions report has stated that Apple’s platforms, particularly its mobile devices such as the iPhone and iPad, will be increasingly targeted by cybercrime in 2011. The report noted a marked change in the threat landscape over the past year as mobile platforms have become more widely adopted in the enterprise. It claims that, where Apple has been relatively free of botnets and Trojans in the past, these will become an increasingly common occurrence on its platforms next year.
11/04, 3:10am
Collects user info; removal tool available
The SecureMac team, along with ESet Security, has identified a new variant of the trojan horse malware they call "Boonana" (Intego and other firms refer to it as a form of the Windows trojan "Koobface," for reasons SecureMac disputes) that uses even crueler trickery in an attempt to convince users to install it. In addition, the companies have identified new servers actively collecting keylogged data such as user names and passwords. Though infection is easy to prevent, and the malware easy to remove from an infected system, the refined setup and misleading nature may fool novice users.
10/27, 5:40pm
Hides as a video via social networking, email
SecureMac and Intego, among other security firms, today alerted the Mac community to a new Trojan threat, trojan.osx.boonana.a (Intego gives it the name OSX/Koobface.a), which is spreading via social networking sites like Facebook and e-mail. The trojan appears as a link in messages with the subject "Is this you in this video?", and when users click on the link, a Java applet downloads an installer, which modifies system files to bypass passwords and other protections.
08/25, 9:15pm
Snow Leopard antivirus
The upcoming Snow Leopard update reportedly contains new anti-malware functionality, according to the Mac security company Intego. A number of beta testers have noticed a new warning screen that alerts users to malicious code. A leaked screenshot shows an alert dialog for an RSPlug Trojan contained in a disk image downloaded through Safari.
08/11, 3:25pm
Mac Trojan spotted
TrendMicro has spotted another Domain Naming System (DNS) Trojan targeting Mac systems. The malware, known as OSX/Jahlav-D, masquerades as a MacCinema Installer. Users are prompted to update QuickTime Player by downloading a QuickTimeUpdate.dmg file.
01/28, 4:00pm
iServicesTrojan, Integrity
Typinator 3.4 ($27) is a tool that will type out repeating texts and pictures. Users can set up a list of commonly used words and images, and then set up fragments that can be used to trigger each phrase or image. The new version adds a couple of user-requested features and includes a number of small improvements and fixes. Typinator can now be suspended temporarily, and it preserves the height of the set list when the window size changes. The update also allows the software to expand abbreviations in floating windows such as Spotlight or the quick entry windows of OmniFocus and TaskPaper. [Download - 2.7MB]
01/23, 11:35am
Xmart Volume, iWorkService
Currency Assistant 3.0 ($19) allows users to convert values between 174 world currencies (all major circulating currencies plus the 16 Eurozone legacy currencies). The software also automatically updates exchange rates over the Internet using the rates published by the European Central Bank, the Bank of Canada, the International Monetary Fund, and the Bank of Italy. In the latest release the software has been rewritten as a Universal Cocoa application, the currency conversion calculator has a fully revised interface and introduces several other new features. [Download - 2MB]
06/20, 8:40am
Mac OS X Trojan found
Multiple variants of a new 'Trojan Horse', designed to allow a malicious user complete remote access to a Mac OS X system, were discovered in the wild earlier this week, according to SecureMac, a maker of Mac anti-spyware and anti-virus solutions. Dubbed 'Applescript.THT Trojan' and disguised as an application bundle called 'AStht_v06' (3.1MB in size), the malware seemingly originated on, and is distributed via, a 'hacker' website, as well as Limewire and iChat. After infiltrating a system, the malicious script can reportedly "log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing". A 'copy cat' program based on the OS X Remote Management exploit was discovered earlier this week.
01/09, 12:10am
First iPhone Trojan attack
The iPhone recently fell victim to its first Trojan attack, which came in the form of a malicious file named “113 prep”. While installation of the phony application is relatively benign – the app merely says “shoes” when activated – uninstalling the file causes damage to or deletes system-critical files in the /bin directory on the iPhone. In addition to harming the device's own software, third-party utilities are also being rendered useless through the same means. This attack was orchestrated by an 11-year-old, and has some modmyifone.com forum members laughing to ease the pressure using references to the 1995 film Hackers, due to the similarity of circumstances.
01/03, 6:45pm
Trojan removal tool
SecureMac has announced a free Trojan detection tool dubbed DNSChanger Removal Tool. DNSChanger Removal Tool detects and removes the latest spyware targeting Mac OS X: the DNSChanger Trojan (also known as the OSX.RSPlug.A Trojan Horse). This trojan attacks users attempting to play a fake video file. Affected systems are used to hijack some Web requests that lead users to other phishing sites, or simply display ads for other pornographic websites to generate ad revenue. Phishing attacks may lead users to believe they are surfing to eBay, Paypal, or various banks when in fact they are accessing specially-crafted mockups designed to retrieve usernames and passwords for those sites. Upon attempting to play the video, the victim receives the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec."
11/29, 4:45pm
SonicWALL Quicktime issue
Networking security hardware manufacturer SonicWALL recently announced that it has distributed defensive measures to users of its Unified Threat Management technology against zero-day vulnerability exploits found in QuickTime. Malicious websites are able to trigger a stack-based buffer overflow in Apple's media player by providing a phony movie file that, when activated, executes code that allows a user's machine to be taken over. SonicWALL says that the problem lies within the "Content-Type" header field that is sent from the server, which is not properly verified by the client's QuickTime. Once the "Content-Type" field reaches a certain length, a buffer overflow condition occurs, and through this, malevolent users can rewrite a user's privileges so that they have read-write access to the machine.