Apple Mac malware: caught on camera

Pob in our analysis labs blogged earlier this week about a new variant of the RSPlug Trojan horse for Mac OS X that he had written protection against.

One of the ways in which the OSX/RSPlug-F Mac Trojan horse is being distributed by hackers is in the form of a poisoned HDTV/DTV program called MacCinema.

As you'll see in this video, visiting a website that gives many of the signs of legitimacy can lead to you downloading a Trojan horse. Even for the Apple Mac.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

And don't try and tell me that this couldn't affect Mac OS X users because they would have to enter their administrator username and password to install the package. If they were prepared to download this program from this website, I feel pretty confident that they would enter their administrator details to allow installation too!

Mac users are no different to Windows users in this regard - this is social engineering, plain and simple.

Oh, and Windows users shouldn't feel too smug about this either. If you visit the site on a Windows computer, it will serve up a malicious Windows executable from the Zlob family of malware rather than a Mac OS X Trojan horse.

By the way, we tried this on both Firefox and Safari on the Apple Mac. It makes no difference. The attack does not depend on a browser vulnerability - it works by the user being convinced that this is a program that they would like to run on their computer.

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley