A new Trojan horse for Mac OS X?

As Numaan points out on the SophosLabs blog, a "new" Trojan horse for the Apple Mac OS X operating system has been discussed in the security community for the last few days.

For instance,

The Trojan horse is closely related to the OSX/RSPlug Trojan horse for Mac OS X that we have seen being distributed in the wild since November 2007.

As with RSPlug, this most recent Trojan horse is being spread in an unoriginal way. Joe User visits a website expecting to see a video of something pornographic, but is told that they have to install a 'missing Video ActiveX object' before it can be viewed. The downloaded software, however, is in reality a piece of Mac OS X malware.

Of course, Apple Mac malware is still relatively unusual compared to the thousands of new Windows-based samples we see every day - so it's not a surprise to see people talking about this. But what did surprise us in the labs was that this "new" piece of Apple Mac malware was ..err.. news.

Sophos has been detecting this malware for customers as Troj/RKOSX-A since 29 August 2008.

Following all the new interest, we're going to have to go back to our analysis and add "Lamzev" as an alias in case our customers are searching for it. It's a shame the other vendors didn't scan the file with our Mac anti-virus product before deciding on their own name for this "new" piece of malware.

Correction: Read my correction to this story.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.