Report: new Mac malware hides as fake software installer
NewsPoster
MacNN Staff
Join Date: Jul 2012
Dec 11, 2012, 10:06 PM
 
A Russian security firm with a mixed track record is warning about a new malware threat for the Mac, which masquerades as an installer for various types of software. Doctor Web, who claimed to have discovered the malware, says it is widely available on various sites -- though at present it is targeting Russian Mac users. The Trojan is apparently a Mac variation on a widespread Windows and Android trickware ruse that asks users for their cell number in order to send an activation code by SMS.

According to the report, the Trojan.SMSSend.3666 malware can be found in a repackaged installer from legitimate free software offerings, or can have non-functioning code as its payload. What the malware is after is the cell number, which must be entered to receive the "activation code," which is sent by SMS. When the software returns the activation code by SMS, the user is automatically signed up for an ongoing monthly subscription on their cell bill. The example provided by Doctor Web is an installer for VKMusic 4 Mac, a legitimate app for listening to music from a Russian social network. It is spread so far primarily by a rogue "affiliate program" company called ZipMonster that assists malware writers in monetizing their software.

Most Mac users will be able to easily avoid falling for the trickware, should it spread to other regions. No legitimate installers for the Mac use the activation-by-SMS scheme in the installer, and most Mac users would know better than to give out their phone number to an untrusted software installer -- though apparently this practice is more common in the Android community, where apps can come from many sources other than just Google Play, and there is little screening of apps prior to being published. The installers also seem to refer to the Mac as the MAC, which is a common error made by Windows-centric programmers.

The scheme is unlikely to work with most Mac users regardless of OS version, but in particular is likely to fail under OS X Mountain Lion and Lion, which sets a default Gatekeeper that prevents unsigned code from being executed. Developers must be registered with Apple, which most professional developers are, in order for installers to run in the default security settings. The controls can be overridden or turned off, but programs are also screened by built-in anti-malware software that is quietly updated. It's not known if Apple has taken any steps to detect and automatically protect from Trojan installers like this one.

It can be reasonably expected that the malware makers will also try to perpetrate this scheme in the jailbroken iOS community, since jailbreakers are the only iOS users that can install software from non-Apple sources. Again, however, SMS-based activation is virtually unknown in the iOS world, so it's unlikely the rogue software will gain much of a foothold. In the meantime, however, any software that asks for a cell phone number on installation should be quit and deleted. The genuine VKMusic 4 Mac can be downloaded for free from the service's own website.
     
simdude
Fresh-Faced Recruit
Join Date: Jun 2004
Dec 12, 2012, 07:50 AM
 
Have there been any cases of a virus/malware etc. in software distributed from the Mac App store? If not, it seems Apple has this problem under control for now, not that it ever turned into a huge problem in OS X anyway. For that matter, have there been any cases of issues in iOS if the devices were not jailbroken?
     
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Dec 12, 2012, 12:38 PM
 
Another social engineering attempt.
They'll catch a few ignorants no doubt.
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Dec 12, 2012, 12:51 PM
 
Originally Posted by simdude:
"Have there been any cases of a virus/malware etc. in software distributed from the Mac App store?"
No, but the Mac App Store is not the only point of software distribution.

"If not, it seems Apple has this problem under control for now, not that it ever turned into a huge problem in OS X anyway. For that matter, have there been any cases of issues in iOS if the devices were not jailbroken?"
Not that I know of -- but the point is that this malware can hide in ANY installer, since it is a repackaged version of the installer for a legitimate app. For now it seems like it's a Russian thing, but it could spread. IMO there's little chance of it getting anywhere here, but that's in part due to stories like this that give us a heads-up and allow us to be vigilant. And while I would think most of the people who read this site would never fall for such an obvious ploy, we're by and large not typical users.
Charles Martin
MacNN Editor
     
simdude
Fresh-Faced Recruit
Join Date: Jun 2004
Dec 13, 2012, 06:47 AM
 
Originally Posted by chas_m:
"No, but the Mac App Store is not the only point of software distribution."
That was sort of the point I'm making though. If you stick with a trusted distributor, there hasn't been a problem to date. I'm well aware of the arguments against the app store. "they restrict my device", "They take 30% of the price" yadda yadda yadda. They also provide a massive market to an app, handle secure credit card transactions and keep and maintain the servers to distribute the apps. If people still don't want to use the store, you download at your own risk.

That being said, I probably have about 5 apps I have had to download directly because the developers are not on the app store. I have contacted the developers indicating I would much prefer an app store version. I have even repurchased a few apps I already owned to get the app store version. I like the one source for keeping track of all my updates etc. There's a huge value in that. I spend my working day writing software for Linux machines for internal engineering use so I don't have a problem with the technical issues of dealing with maintaining a system at home. I simply don't want to. I want my home computer to require as little work and maintenance as possible. I used to love playing with and hacking computers but nowadays, spending time with my wife and little daughter is much more fun.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Dec 13, 2012, 11:02 AM
 
Note that the 30% cut is a *terrific* deal for smaller development houses, in exchange for international distribution, dealing with any and all local sales taxes, accounting, distribution, legal requirements, etc. etc. etc.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Dec 13, 2012, 11:03 AM
 
Also, OS X's built-in malware recognition scanner has been updated to make this particular one obsolete.
     
   