More reports of Apple Mac Trojan horse seen in the wild

Filed Under: Apple, Malware

Mac OS X malware
Our friends at Trend Micro have blogged about a Trojan horse for Mac OS X they have recently encountered disguised as MacCinema Installer.

This has caught the attention of some reporters and bloggers (such as Dancho Danchev). That's not such a surprise. After all, Mac malware continues to make the headlines because of its novelty value and the fact that many Apple lovers are adamant that their computers are somehow protected by an invisible forcefield which makes them invincible.

However, in this case (as shown by a blog entry from our friends at Pareto Logic almost a week ago) this particular piece of Mac malware was already known about, and detected by a handful of security vendors already - including Sophos!

So, I'm glad to say to those customers who have enquired that Sophos does detect this malware (we call it OSX/Jahlav-C).

In his blog post about the malware, Danchev writes:

Not only are cybercriminals beginning to acknowledge the "under-served" Mac OS X segment, but also, they're already borrowing tricks from the Microsoft Windows playbook such as OS-independent tactics like fake codecs and bogus video players. The irony? Both the Mac OS X and Windows malware are hosted on the same domains, with copies of each served on the basis on browser detection.

This is all true. But I would stress to any non-believing Mac user that it's actually been true for a couple of years now. If you're a Mac user and not running anti-virus software, it's time to wake up and smell the cappuccino.


Here's a sample of just some of the Mac threats we've written about since the start of the year:

DownloadFree Anti-Virus for Mac
Download Sophos Anti-Virus for Mac Home Edition

Update: I am indebted to Clu-blog reader @iamleeg who reminded me that Mac users' computers are protected from malware by a "Reality Distortion Field".

, , , , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and, and circle him on Google Plus for regular updates.