
SANS ISC InfoSec Handlers Diary Blog



New Mac malware - OSX/OpinionSpy

Published: 2010-06-02
Last Updated: 2010-06-02 14:48:38 UTC
by Rob VandenBrink (Version: 1)
8 comment(s)

Intego is reporting a new strain of Mac malware: OSX/OpinionSpy.

You can find details here:

http://blog.intego.com/2010/06/01/intego-security-alert-osxopinionspy-spyware-installed-by-freely-distributed-mac-applications/
http://webcache.googleusercontent.com/search?q=cache:tWyWhF_d-30J:blog.intego.com/+flv+mp3+intego&cd=1&hl=en&ct=clnk&gl=ca&client=firefox-a

So far, it has been seen on a number of screensavers, and a small Java/PHP app generally named "mac_flv_to_mp3.php" or similar. Be cautious with downloads: it's a simple bolt-on, so be on the lookout for it elsewhere.

The neat thing about this malware is that it passes most static scan tests - the downloaded software itself is clean; the malware is downloaded as part of the installation process. This highlights the requirement for an on-access virus scanner for your OSX computers. I hate to bring "that advertisement" up again, but the "viruses? oh, Macs don't have that problem" statement was both not true and a huge red flag for malware authors.

Thanks to several readers for both pointing us to this article and shooting us a copy of the actual code!

===============
Rob VandenBrink
Metafore
