Chicago (IL) – And you thought you were safe from malware when you switched to a Mac. You may change your mind soon, especially now that Mac's recent market share gains appear to contribute to the growing interest of malware authors in Macs. Security experts are warning now about a new Trojan horse released in the wild, targeting OS X Tiger and Leopard users. The malware can steal your passwords, avoid detection, log what you type and even take your picture.

If the latest malware alert is any indication, Mac users may be forced to re-think their relaxed approach to online security. There is a new, dangerous form of a Trojan out there which already apparently is circulating in multiple variants that target OS X Tiger and Leopard users. Unlike previous malware attempts that often were proof-of-concept releases, this beast can cause real damage, researchers from SecureMac and Intego are reporting.

AppleScript.THT comes either as a 3.1 MB application dubbed AStht_v06 or as a 60 KB compiled AppleScript script called ASthtv05. Once a user downloads and runs one of those executables, their system is infected.

When active, AppleScript.THT exploits a recently outlined Apple Remote Desktop Agent vulnerability. The malware runs with a root user and system-wide account with full privileges used by the operating system. It then adds itself to the System Login Items to launch the Trojan every time a Mac is restarted. It also moves itself into the /Library/Caches/ folder. Security researchers warn that the Trojan runs in the background and hides itself from a possible detection by turning off system logging and opening ports in the operating system's software firewall mechanism.

You may have guessed that AppleScript.THT can communicate with the outside world and enables a malicious user to gain complete remote access to your Mac. It has been confirmed that such a user can use the Trojan nested in your system to steal system and user passwords, as well as various other passwords stored in the keychain. It can also log keystrokes of whatever you're typing on a keyboard and send that data remotely to a malicious user.

AppleScript.THT  can also turn on file sharing features to expose your files to the outside world. Additionally, it is able to take screenshots of your desktop and even take your pictures using Mac's built-in iSight camera.

SecureMac and Intego said they have updated their virus definitions databases to detect and remove the Trojan.

lol

Jun 24, 2008 09:59     

Sorry, it's just nice to see the Mac elitists knocked off their high horses. As popularity increases, so will these threats. Too bad most Mac users are too cocky to use an antivirus or firewall.
Task report abuse vote down vote up Votes: +21

How does it trick you into downloading and installing?

Jun 24, 2008 10:13     

How does it trick you into downloading and installing? Has this been found in the wild?
Ralf The Dog report abuse vote down vote up Votes: +15

haha

Jun 24, 2008 10:51     

its about time. Soon mac users will realize that their OS had "more secure" or has "better security" but was just ignored by hackers because not enough people used macs (aka no one likes macs and they are too expensive) sweet, i got a laugh and a mac bashing session in at the same time. No hard feelings.. i dont hate macs, in fact i quite like them, i just dont like cocky mac users.
Mtotho report abuse vote down vote up Votes: +2

Interesting....

Jun 24, 2008 10:58     

You know, that's a good point. All those macbooks have cameras,and I even remember a story about a criminal who was caught when a girl remotely accessed her stolen macbook and snapped a picture. I'm going to tape my wife's macbook camera hole, but somehow I don't think that's going to protect us from all the dangerous stuff out there. Just roll the dice and hope that you're just not one of the randomnly selected victims in the universe.

Jacques report abuse vote down vote up Votes: -8

It was just a matter of time....

Jun 24, 2008 11:05     

...before something like this happened. Absolutely no operating system is invulnerable to viri, malware, trojans, and etc. It's arrogant to think one is. Hopefully this will humble Apple a bit, and force them to address that no, in fact, Mac's aren't perfect.
me report abuse vote down vote up Votes: +5

Yep

Jun 24, 2008 11:05     

It was only a matter of time. I own a mac, but this whole notion that macs don't need updates, macs are safer, macs don't have viruses is completely false. My Mac gets an update notice almost twice as much as my XP and vista machines. Personally I like Apple for thier consumer electronics. I'm not a big fan of the computers or OS (though I love the fact that it's unix at it's core). Even though I like Apple I LOVE it when Mac elitists get it handed to them as well!

Ricko report abuse vote down vote up Votes: +1

agreed

Jun 24, 2008 11:06     

I completely agree with you. The whole "we are better than you in every way" approach Apple is using to gain popularity will ultimately be their worst enemy. It really is going to come back and bite them. Especially that they are now 7th in the notebook share market. Keep the malware coming to Leopard and we can see how apple reacts to this kind of attacks. I actually like Apple and do not want to see them fail, but of recent I think they are just getting too greedy and cocky.

gnon report abuse vote down vote up Votes: +0

well to the market

Jun 24, 2008 11:14     

now that macs actually have a portion of the market, it is being proven again and again, macs OSs are no more secure than microsoft OSs.
interesting report abuse vote down vote up Votes: +1

Uh, now what's the score? 1 Mac trojan in the wild...

Jun 24, 2008 11:15     

Uh, now what's the score? 1 Mac trojan in the wild due to an unpatched (yet) vulnerability. How many for Windows? Apple will fix this soon, then we will be back to zero. (Yes, I know this can't last forever, but malware is going to continue to be much much less of a problem for Macs for the foreseeable future.)
Rich report abuse vote down vote up Votes: -40

Only 1?

Jun 24, 2008 11:46     

Because there are many more PC users than mac users, its much easier to infect Windows boxes because of the sheer number of people using Windows compared to those who use OSX. If your head wasn't stuck so far up your ***, you would have known this before making such an uninformed comment.
m0o report abuse vote down vote up Votes: +10

Take it all in...

Jun 24, 2008 11:46     

Oh I just love it. Yes, lets make a remote access that allows for you to take pictures remotely, so someone can take advantage of this. This is how it starts, I'm sure there are going to be much more malicious viruses coming soon.
JackCrackerMan report abuse vote down vote up Votes: -3

RE: Uh, now what's the score? 1 Mac trojan in the wild...

Jun 24, 2008 11:55     

You can't patch a computer to protect from a trojan. You would need to patch the user. A trojan is not a virus. The user chooses (is tricked) into downloading and runing the program. The best patch is education. That special "CODEC" that you need to look at the marmot porn site will steal your credit card numbers.
Ralf The Dog report abuse vote down vote up Votes: +16

So What

Jun 24, 2008 12:10     

You must be an Administrator to install anything on a Mac. On my systems, I'm the only adminstrator. All other users are limited. Not going to happen to me. Also, Apple will patch the problem shortly. Now, go back to your completely infected PCs.
dcolley report abuse vote down vote up Votes: -26

@ Task, Mtotho, and others. Are you all idiots?

Jun 24, 2008 12:20     

Please re-read the following line in the article: "AppleScript.THT comes either as a 3.1 MB application dubbed AStht_v06 or as a 60 KB compiled AppleScript script called ASthtv05. ***ONCE A USER DOWNLOADS AND RUNS ONE OF THOSE EXECUTABLES***, their(sic) system is infected." I hardly call that a breach of security. It's more like a breach of common sense for the user who runs random scripts. What a bunch of stupid PC/Linux fanboys.

Amit Depak report abuse vote down vote up Votes: -18

RE: Rich

Jun 24, 2008 12:23     

For every one vulnerability Apple patches, 10 more will spring up. Same with Microsoft, and any other major software player. It's just that no one was looking or cared about Mac's vulnerabilities until now. Why spend time writing a program that can cripple and exploit 1,000 macs, when the same time can be spent on a program that can cripple and exploit 100,000 windows systems? That's slowly changing though. Welcome to the party Apple.

P report abuse vote down vote up Votes: +6

@Rich

Jun 24, 2008 12:35     

I hope that statement," Malware is going to continue to be much much less of a problem for macs for the foreseeable future." comes back to bite you.
JackCrackerMan report abuse vote down vote up Votes: +4

Is there anybody working on a new OS, other than MS and Apple?

Jun 24, 2008 12:38     

If Windows can be made by a couple of kids working out of a garage and Apple is merely a pretty Unix, then why can't we seem to get a group of IT gurus together in another garage to create a 3rd contender? Or at least make a substantial improvement to Linux that is more public ready. If there were more options out there and a lot of people using varied OSes, it would be less advantageous for these hackers to code and many would stop wasting their time trying to attack us just out of laziness. I'm not saying it'd be easy, because I don't even know how to alter Linux. I am just astonished that this hasn't been done at this point in time.

Nick B. report abuse vote down vote up Votes: -6

Backpedaling now, huh?

Jun 24, 2008 13:22     

Used to be the wintards would say that we would never have marketshare. I guess the writing is on the wall now though, huh? You all seem to think Mac rise is inescapable now. Guess you got something right after all. And it's very true, you would have to be running Admin to even be POTENTIALLY affected by this. It's not an issue, and no thanks 'security' company, I don't need your products yet. Keep trying, come back and play again someday...

Brian report abuse vote down vote up Votes: -10

Confused much?

Jun 24, 2008 13:22     

Windoze made by kids in a garage? Huh?
Brian report abuse vote down vote up Votes: -1

Solution to the problem

Jun 24, 2008 13:24     

Simple solution to the problem. What a relief Several ways to solve the problem have now been suggested. The exploit doesn't work if the "Remote Management" option is enabled under Mac OS X 10.5 "System Settings/Sharing/" – but this is not the default setting. Neither does it work if the Apple Remote Desktop client has been installed and enabled under Mac OS X 10.4. Other suggestions are to completely remove the Apple Remote Desktop, to compress the file, or to delete the SUID bit in ARDAgent chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent. http://www.heise-online.co.uk/news/Root-exploit-for-Mac-OS-X--/110968

AdamC report abuse vote down vote up Votes: +2

RE: Solution to the problem

Jun 24, 2008 13:57     

I think part of what you quoted was a mistranslation. "The exploit doesn't work if the 'Remote Management' option is enabled under Mac OS X 10.5 'System Settings/Sharing/' " This should be "The exploit doesn't work if the 'Remote Management' option is NOT enabled under Mac OS X 10.5..." Turn Remote Management off. Secondly, "Neither does it work if the Apple Remote Desktop client has been installed and enabled under Mac OS X 10.4. " should be, "...Neither does it work if the Apple Remote Desktop client NOT has been installed and enabled under Mac OS X 10.4." If you want to be safe, disable or do not install the Apple Remote Desktop client.

Ralf The Dog report abuse vote down vote up Votes: +8

Cocky?

Jun 24, 2008 14:05     

Wow what's with these PC folk calling Mac users cocky while at the same time throwing out their own cocky comments? It seems there are cocky ones in both camps and they get off on playing with each other. It's this small group in each camp that give both a bad name. Why don't you all grow up and stop with the fighting? To tell you the truth I've used both systems for years and I can't believe how many PC folks would jump all over me just by mentioning I use a Mac. Also I've helped numerous folks switch and every one of them has at one time or another asked my why PC people are always bashing them now. I think the few cocky Mac users I know are that way because of the years of dealing with the PC bashers. As far as this malware, I don't recall ever reading where Macs are perfect, only that they are currently less threatened and more secure. Which by the way HAS been true, for whatever reason. I use to run security software on OS9 and early and will do so when the time comes for me to do so with OSX.

Lantz report abuse vote down vote up Votes: -6

Just a couple of things

Jun 24, 2008 14:58     

First, this isn't the first attack on Mac OS and it won't be the last. Anyone who believes any OS is secure just because a company or some fanboys say it is needs their head examined. I've been a software engineer for 10 years and I have yet to meet an OS that doesn't have security holes. The fact of today's PC/MAC whatever is you need some kind of security period. Don't hope and pray your OS maker will do it for you. With all that out of the way this virus is hilarious. I can see the website now. First column your pic, second column the bank account before xx/xx/2008 $$$, third column bank account after $0. I have to give credit to a person who takes your picture while ripping you off.

Action Jackson report abuse vote down vote up Votes: +5

It's only a matter of time before Mac's have new ex...

Jun 24, 2008 16:36     

It's only a matter of time before Mac's have new exploits coming out weekly or monthly. If there's a way to make decent money doing something, somebody, somewhere will do it. If/When Mac's hit 15% market share you're going to see a lot of Mac users getting ripped off since they're so smug and think using a Mac is security enough. It's a good thing no important servers anywhere are run off Mac's.
Gary report abuse vote down vote up Votes: +0

Both systems are good.

Jun 24, 2008 17:44     

I love my Windows OSs and I love OSX. Both are good. And for viruses. I have had almost 0 viruses on my PC. Most PC viruses are from stupid people or people looking at porn. Anyways, if Macs were so safe then every government computer would be Macs. The military would use Macs. CIA, etc.
Old Ladies report abuse vote down vote up Votes: +4

Windows Fanboys Rejoice!

Jun 24, 2008 20:14     

Unreal how the web has blown this out or proportion and the Windows Fanboys have jumped on it. The fact is this is user initiated exploit that can be had many different ways but in this case extends itself through a FEATURE of the desktop management software. In other words once you download and run something and give away your username and password all bets are off! But hey, if I were a Windows user living with this day in and day out I'd be pleased to see someone else get one.

Jeffsters report abuse vote down vote up Votes: -5

Re: Windows Fanboys Rejoice!

Jun 24, 2008 21:35     

Notice this happens after Mac's popularity rises? Its because a HUGE mass of PC owners are using Windows, so malware has a much greater effect on people. Mac actually admitted to this in one of their commercials recently. Noone is 100% secure, it only takes new malware, and in some cases, old malware.
Calvin report abuse vote down vote up Votes: +0

Ahahahahah

Jun 24, 2008 22:53     

Apple will patch this in the coming week; Windoze takes months to get on their stuff, it's pathetic. I don't care if there are viruses for OSX, the Apple OS is much more secure, and Apple cares enough to respond quickly and effectively. But as Windows users I am not surprised at your stupid reactions!
B report abuse vote down vote up Votes: -6

Flaw

Jun 24, 2008 23:25     

>You must be an Administrator to install anything on a Mac. On my systems, >I'm the only adminstrator. All other users are limited. Not going to >happen to me. Also, Apple will patch the problem shortly. Now, go back >to your completely infected PCs. 1. You don't need to be an admin, you need one's username and password. 2. You much more control over what the users are allowed to do on Windows, you're just an admin by default (just like a Mac without password) 3. Completely infected PCs? You need to be an *** that clicks on everything like a Mac user to need an anti-virus or any kind of protection on Windows. Now Macs have trojans, same thing. > I hardly call that a breach of security. It's more like a breach of > common sense for the user who runs random scripts. But average Mac user who was mislead by Apple's advertising campaigns will click on anything thinking he's shielded. > Turn Remote Management off. Yeah, do like Windows' default setting, turn it off. However, the trojan could probably enable it. > A FEATURE of the desktop management software. Access to keystrokes, looking at passwords stored in a "secure" location, taking pictures from a computer supposed to have no one in front of it, these are FEATURES ????

Meeeeeeeeeee report abuse vote down vote up Votes: +0

pc vs mac

Jun 25, 2008 00:06     

yea, I got a mac and bunch of pc. there is no way to avoid using pc...it's just that most business software runs on pc. as for mac, to be honest, it has better GUI but because it was design for newbie. Is it better? well, can't config a lot of options...you can say it's simple but I can say it's lack of customization. As for virus..sicne they now get a large chunk of laptop sale...it's just waiting to happen that virus are going back to mac...just like my old apple II days that all virus are for apple... The Apple vs PC ads are so distorted and just plain old lies that I think the marketing is genius for fooling the mass. apple is as easy to hack as a pc. Just like a junk car that nobody wants to steal does not mean it's not easy to steal and is secure. it has as much updats as PC and it's as easy to crash... to be fair you have to count only crashes cause by the o/s itself and not the 3rd party junk you put on it. As for security on vista is overblown....yea, it's annoying at times, but symantec internet security or other virus software are doing the same thing..... yea, security is annoying but so is your mom... still don't get what is the big deal of "MAC number 1 in campas" ads... Actually I think most school has more PC than macs...not counting the students's laptop.

andy report abuse vote down vote up Votes: +1

don't buy anything from Securemac

Jun 25, 2008 03:32     

This is a sad attempt to sell anti-virus software by securemac. That's what went wrong with Windows the Windows thing. Too many 3rd parties got involved in the security side of things.
J report abuse vote down vote up Votes: -1

I miss the days of NetBus

Jun 25, 2008 04:39     

I miss the days of NetBus (PC) I remember taking screenshots and making their cdrom open, deleting files... hahaha...fun stuff!
me report abuse vote down vote up Votes: -2

Re: Windows Fanboys Rejoice!

Jun 25, 2008 07:05     

- The fact is this is user initiated - exploit that can be had many - different ways but in this case - extends itself through a FEATURE of - the desktop management software. Yeah, that's it, it's not a bug it's a feature! :rolls eyes: So it's not just Microsoft that steals ideas from other companies then is it? :-p
me report abuse vote down vote up Votes: +4

Features?

Jun 25, 2008 09:42     

If you turn off features then you have less functionality. So now you're saying to turn off features so that your Mac doesn't get these trojens. I've been working on a PC knowing that there will be issues but there's a huge support for it. I keep the services that I use on. I know my PC is secure because I aviod sites and don't believe in the get-rich-nigerian crap. I have a firewall enabled(by default) and have a good AV installed. Now brings me to a typical Mac owner. They have that elitist status of buying a Mac. Thinking nothing is going be stopping them. Hence why this trojen exploits the Mac. From reading the article and comments I've concluded that Mac owners should be coloring, because that is all the brain activity they can take at once. I may use a PC, but atleast I didn't spend $1000's for it.

Headward report abuse vote down vote up Votes: +2

RE: Features?

Jun 25, 2008 15:55     

Turning off the remote control software that ships with your computer is a smart thing to do on any OS. Remote desktop is a big sign on your back, "Hack ME!" Adding anti virus software to your Mac is useless as it only has one exploit to search for and the exploit will only work if the user chooses to execute it on their own computer. This exploit will soon be patched. I am a paranoid Mac user. I do not allow scripting in emails. I do not display images in emails. I have a hardware firewall and run the built in OS X software firewall. The only reason I would have for AV would be to prevent myself from forwarding an infected email to a Windows user. My mail server does this job without eating my desktop clock cycles. I have been tempted to set up an off line virus scanner that boots off of separate media. I don't see this as a critical priority.

Ralf The Dog report abuse vote down vote up Votes: +1

Thank God

Jun 25, 2008 19:45     

Finally, mac users will shut up about how much safer macs are. I've been telling them for years that when macs become more popular, they would get viruses too. Mac users ARE way too cocky about how great their computers are. Face it, most mac users like it just because it looks pretty. They don't know anything about why it's actually better than Windows, and now I won't have to hear "It's SOO much safer!" One less feature for mac users to feel the need to tell the world about.

Timewew report abuse vote down vote up Votes: +1

So the moral of this story is... Get Linux

Jun 25, 2008 19:50     

If you want security, get Linux (preferably Ubuntu). Linux is like Mac but without all the cockiness people seem to inhale the moment they get their shiny new overpriced Apple product.
Timewew report abuse vote down vote up Votes: +3

re: How does it trick you into downloading and installing?

Jun 25, 2008 23:39     

uh, how about pop-ups that said "Free credit report...", "Low interest rates, click here..", "Free iPod giveaway...", "Your computer has slowed, click here for a free scan...", "Your computer is infected, click here to download SuperAntivirus..."
Doug_d report abuse vote down vote up Votes: +0

Ladies! Don't go bare or dress sexy in front of your Macbook!

Jun 25, 2008 23:50     

You don't who may be watching! or taking your pics and spreading them on the net! Oh wait, the next celeb's sex tape could be from a Mac in the bedroom... We'll all see won't we?
Doug_d report abuse vote down vote up Votes: +0

Who cares what system other people use?

Jun 26, 2008 00:28     

This isn't about Mac being vulnerable to outside forces. I've never owned anything but Mac, and I can't see me changing my preference in the foreseeable future. However, I can agree that many mac users are very complacent when it comes to security. I've had my fair share of experience with Windows. Everyone around me...family, friends and employers have always been Windows users so I use both. I have always taken precautions with my computer, purchasing virus software, updating virus defs, and being smart about what I will and won't run on my computer. It feels like this is not about that. The Windows users are whining about Mac elitists. The apple users are calling the Windows users names in defense. For the line of work I am in, the apple is definitely better for me. I would never try to make anyone buy an Apple just to "convert" someone. If you are happy with your system, GREAT! But please, this is supposed to be about warning Mac users about potential threats. Not as a podium for preaching. Both have pros and cons. Grow up.

Like Canada report abuse vote down vote up Votes: +0

insert here

Jun 26, 2008 09:20     

This is the best time to have a Mac vs. PC commercial.
bman report abuse vote down vote up Votes: +0

If it has an Operating System...it's vulnerable to something

Jun 27, 2008 14:01     

Just goes to show(as Security experts know) if it's got an operating system then it's vulnerable, unless you turn it off and unplug it! It's just the level of interest in exploiting those vulnerabilities that makes the headline stories, Microsoft is popular, people focus on exploitation, Apple is now becoming popular, more exploits in 2008, Linux is becoming more popular, more exploits in 2008, ...the list continues into other software as well. Instead of arguing who's safer everyone should focus on telling the OS makers, what are they doing to make their OS more secure, and responding to code exploits quicker. PS I agree with some here, shame on Apple for touting their OS more secure in their commercials (which the security ones have disappeared lately, hmmmm?) Anyway it's like waving a big red target over your head to the bad guys! I hope Sun and Redhat don't start running commercials too! lol

Da Man report abuse vote down vote up Votes: +0

1. betcha couldn't get the trojan if you tried 2. a...

Jun 30, 2008 09:30     

1. betcha couldn't get the trojan if you tried 2. also betcha 6 months from now no one will remember what that trojan was apple squashed 6 months ago
meme report abuse vote down vote up Votes: -1

Not enough Macs to make viruses worthwhile? Get real...

Jul 18, 2008 03:14     

Okay then, so apparently the reason why there are virtually no Mac viruses is that there are "not enough Mac users to make it worthwhile", or somesuch. So how many is "enough", then? What is the minimum number of users to make it worthwhile? And why? Apple is on course to sell 10 million Macs this year. That's just *this year*, never mind all the other Macs it's sold (and remember, its market share is growing year-on-year, and has been for many years now). Plucking a number out of the air, let's just say there are 50 million Macs currenly in use in the world (not counting all the old ones that are now obsolete). Why is that not enough to bother writing viruses? That's 50 million people, nearly all of whom don't use any kind of antivirus, who are ripe for being pwned by some sociopathic hacker who would revel in the notoriety they would gain by being the first person to really stick it to the cocky Mac community with a destructive virus. So why hasn't it happened yet? The idea that there are "not enough Macs" is nonsense. The real reason, as anyone who understands the differences of programming for Windows and OS X is aware, is that Macs are simply harder to write viruses for than Windows. Most Windows malware is written by script kiddies who know just enough programming to be able to exploit the many holes in the OS. For them to be able to write Mac viruses would require them to invest time and effort in becoming much more advanced programmers. You just can't write a Mac virus as quickly and easily as you can a Windows virus - you need to be a much better programmer with a much deeper understanding of the OS. The Mac OS is obviously not invulnerable, but it most emphatically *is* extremely secure. That, above anything else, is the reason why there is virtually no Mac malware.

Dunebasher report abuse vote down vote up Votes: +0