Nefarious Mac OS X trojan spotted in the wild

Posted by Trent Nouveau

SecureMac has positively identified a nefarious trojan horse that affects Mac OS X, including Snow Leopard (10.6), the latest version of the popular operating system.

The malignant malware, disguised as a video link, is quickly spreading by luring unsuspecting victims via e-mail and on social networking sites such as Facebook.

"When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically," explained SecureMac researcher Nicholas Ptacek.

"When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system."



According to Ptacek, the clandestine trojan runs invisibly in the background at startup, while periodically checking in with command and control servers to report information on the infected system.

"The trojan hijacks user accounts to spread itself further via spam messages," he warned.

"[In addition, it] attempts to hide its Internet communications and actions through obfuscated code spread through multiple files and will attempt to contact additional command servers if the primary servers are unavailable."

Ptacek also noted that the Java component of the trojan is cross-platform and includes “other files” that affect Mac OS X as well as Microsoft Windows.

"There have been [credible] reports of similar behavior in recent trojan horses targeting Microsoft Windows, but they have not included cross-platform capabilities until now.

"[But we can confirm that] this trojan horse is currently in the wild affecting users of both operating systems."



SecureMac is offering a free removal tool to eliminate trojan.osx.boonana.a, which can be downloaded here.