Trojan.SMSSend.3666 goes into the wild, poses as Mac OS X software

Posted by:
Date: Thursday, December 13th, 2012, 08:14
Category: News, security, Software

You should listen to your more paranoid relatives around the holiday dinner table when they say that there’ll always be someone trying to run a scam on someone else.

Just because they’re paranoid doesn’t make them wrong.

Per CNET, Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud.

The new malware is a Trojan horse, dubbed “Trojan.SMSSend.3666,” and is part of a family of Trojan malware for Windows and other platforms that have affected Windows users for years.

As with all Trojans, these pose as legitimate programs that are made available for download from a number of underground Web sites, with this current one for OS X appearing to be an installer for a program called VKMusic 4, a utility whose legitimate version is used for communication between machines on a European social network called VK.

During its installation, the malware triggers an SMS fraud routine where it asks users to enter cell phone numbers, then sends them SMS messages to confirm, which then subscribes the users to a scam that charges high fees for junk messages being sent to their phones.

Unlike recent malware targeted at OS X, this one is not a Java-based attempt to hack the system and install dropper programs that open backdoor access to the system. This one is built as a Mach-O binary that uses the OS X native runtime; however, this change does not alter the threat level significantly. Since the malware is distributed through underground means and requires specific user interaction both to install, and then subsequently and knowingly provide private information, it is a relatively minimal threat.

However, despite its slight impact, it does add yet another instance to the relatively short list of malware for OS X as compared to those for Windows and other platforms.

As with other recent malware for OS X, this one appears to be built specifically to fool those that use the European VK social network, as opposed to being a more widespread attempt, as was seen with the “MacDefender” malware.

Apple’s current XProtect malware definitions have not yet been updated to identify this new scourge, but as it gets analyzed and identified by security firms, the definitions will spread out for various anti-malware utilities. However, overall the main security tips emphasized by this development are to first check where any installer for your system came from, and then be cautious about giving out personal information including phone numbers and addresses. This is especially true for any installer you downloaded from a site that is not directly from the developer itself.

Stay tuned for additional details as they become available.

Recent Posts