New Mac Malware Disguises Itself as OS X Installer, Targets Cellphones

You might’ve thought that by owning an Apple Mac your chances of being infected by malware are pretty low. Well, sorry to disappoint all you fanbois out there, but it would seem that a fake-installer Trojan has reared its ugly head on the Apple machine for the first time.

The Russian security vendor Doctor Web claims to have identified a Trojan that disguises itself as the OS X installer on Mac computers in order to trick people into running it. Doctor Web has named the threat Trojan.SMSSend.3666, specifically because its aim appears to be stealing phone numbers from the machines it infects.

We’ve seen similar threats on Windows in the past – malware mimicking apparently legitimate software – but Doctor Web says that this is the first time it’s seen this particular kind of malicious software appear on Apple hardware.

Opening the program causes the malware to prompt users to enter a phone number, supposedly so that OS X can be activated. If they do so, the program sends an ‘activation code’ to their phone via SMS. Unfortunately for the unwitting user, while they go and enter the code and think that all is dandy, their phone has just been signed up for a subscription fee that is debited on a regular basis. To further convince users, the software will actually complete its fake ‘download’, so the majority of users will be totally unaware of what’s happened.

This is an interesting one, and not just because it’s the first time we’ve seen this kind of threat on a Mac. Targeting phones hasn’t really been that popular among hackers before, mainly because there are more profitable enterprises they can pursue. However, by attacking Mac users for the first time it would appear that someone has made this particular scheme quite profitable.

About Mike Wheatley

Mike loves to talk about Big Data, the Internet of Things, Hacktivists and hacking, but he also hates Google and can never resist having a quick dig at them should the opportunity arise :) Got a REAL news story or tip? Email Mike@SiliconANGLE.com.