Pob in our analysis labs blogged earlier this week about a new variant of the RSPlug Trojan horse for Mac OS X, for which he had written protection.
One of the ways in which the OSX/RSPlug-F Mac Trojan horse is being distributed by hackers is in the form of a poisoned HDTV/DTV program called MacCinema.
As you’ll see in this video, visiting a website that shows many of the signs of legitimacy can lead to you downloading a Trojan horse. Even on an Apple Mac.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
And don’t try to tell me that this couldn’t affect Mac OS X users because they would have to enter their administrator username and password to install the package. If they were prepared to download this program from this website, I feel pretty confident that they would enter their administrator details to allow the installation too!
Mac users are no different to Windows users in this regard – this is social engineering, plain and simple.
Oh, and Windows users shouldn’t feel too smug about this either. If you visit the site on a Windows computer, it will serve up a malicious Windows executable from the Zlob family of malware rather than a Mac OS X Trojan horse.
By the way, we tried this with both Firefox and Safari on the Apple Mac. It makes no difference. The attack does not depend on a browser vulnerability – it works by convincing the user that this is a program they would like to run on their computer.
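The behaviour described above – the same URL handing a Mac package to Mac visitors and a Windows executable to Windows visitors, regardless of browser – is something an analyst can check for directly by requesting the download with several User-Agent strings and comparing what comes back. The script below is an added example written for this post; it is not Sophos code and not taken from the MacCinema site. The user-agent strings, the `fetch_all` helper's URL argument and the `SAMPLE` responses are constructed placeholders, and the file-type guesses rely only on well-known magic bytes (PE `MZ`, Mach-O, the `xar!` header of flat Mac packages, the `koly` trailer of disk images) rather than on the server's own headers, which a malicious site controls.

```python
"""Check whether a download URL serves different payloads to different platforms.

Added example for this post (not Sophos code, not the MacCinema site). The
user-agent strings, URL and sample responses below are constructed placeholders.
"""
import hashlib
import urllib.request

# Constructed User-Agent strings: two Mac browsers and one Windows browser, so a
# site that keys on the platform rather than the browser shows up clearly.
USER_AGENTS = {
    "mac-safari": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5) AppleWebKit/525 Safari/525",
    "mac-firefox": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:3.0) Gecko/2008 Firefox/3.0",
    "win-ie": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
}

# Mach-O magic numbers: 32/64-bit, both byte orders, plus the fat (universal) header.
MACHO_MAGIC = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
               b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")


def classify_payload(body: bytes) -> str:
    """Guess the file type from magic bytes; never trust the Content-Type header."""
    if body[:2] == b"MZ":
        return "windows-pe"          # DOS/PE executable (Zlob-style Windows payload)
    if body[:4] in MACHO_MAGIC:
        return "mach-o"              # native Mac OS X binary
    if body[:4] == b"xar!":
        return "mac-pkg-xar"         # flat installer package (xar archive)
    if len(body) >= 512 and body[-512:-508] == b"koly":
        return "mac-dmg"             # disk image: 'koly' trailer in the last 512 bytes
    if body[:2] == b"PK":
        return "zip"
    if body.lstrip()[:1] == b"<":
        return "html"
    return "unknown"


def detect_cloaking(responses: dict) -> dict:
    """responses: label -> (content_type, body).

    Returns a per-agent summary plus 'cloaked' (different file *types* served to
    different agents) and 'identical' (every agent got byte-identical content).
    """
    per_agent = {}
    for label, (ctype, body) in responses.items():
        per_agent[label] = {
            "content_type": ctype,
            "sha256": hashlib.sha256(body).hexdigest(),
            "kind": classify_payload(body),
        }
    kinds = sorted({s["kind"] for s in per_agent.values()})
    digests = {s["sha256"] for s in per_agent.values()}
    return {
        "per_agent": per_agent,
        "kinds": kinds,
        "cloaked": len(kinds) > 1,
        "identical": len(digests) == 1,
    }


def fetch_all(url: str, agents: dict = USER_AGENTS, timeout: int = 20) -> dict:
    """Live helper: fetch `url` once per User-Agent. Do this from an isolated
    analysis box only; it is not exercised by the offline sample below."""
    out = {}
    for label, ua in agents.items():
        req = urllib.request.Request(url, headers={"User-Agent": ua})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            out[label] = (resp.headers.get("Content-Type", ""), resp.read())
    return out


# Constructed sample responses standing in for a platform-cloaking download site:
# both Mac browsers receive the same installer package, the Windows browser a PE file.
SAMPLE = {
    "mac-safari": ("application/octet-stream", b"xar!" + b"\x00" * 60),
    "mac-firefox": ("application/octet-stream", b"xar!" + b"\x00" * 60),
    "win-ie": ("application/x-msdownload", b"MZ" + b"\x90" * 62),
}

if __name__ == "__main__":
    report = detect_cloaking(SAMPLE)
    for label, info in report["per_agent"].items():
        print(f"{label:12} {info['kind']:12} {info['content_type']:28} {info['sha256'][:16]}")
    print("cloaked by platform:", report["cloaked"], "| kinds:", report["kinds"])
```

To use it against a live site, replace `SAMPLE` with `fetch_all("https://example.invalid/download")` from an isolated analysis machine. A site that merely varies its HTML per browser will show `identical == False` but `cloaked == False`; the pattern in this post shows up as `cloaked == True` with a Mac package kind and `windows-pe` side by side, and the two Mac agents agreeing with each other confirms the choice is made on platform, not browser.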