The latest variants of the new Mac malware we have been tracking have an interesting payload that many people may not have realised yet.
It’s well documented that the fake anti-virus attacks attempt to trick you into believing that you have security problems on your Mac, and that you need to hand over your credit card details to buy a version which will clean up your computer.
However, when we left an infected Mac running for a while unattended earlier today in our labs, we found that it would periodically open instances of the web browser and point them to various websites.
As you can see, the website isn’t necessarily the kind that you might want regularly popping up on your screen – especially if you don’t have an understanding wife or boss.
A quick look inside the code of the attacks, which Sophos is detecting as OSX/FakeAV-A, reveals a list of possible websites that you may find your computer visiting without your permission:
My guess is that the malware attackers are doing this as a further incentive for you to purchase the so-called “fix”. It’s just another clever piece of social engineering which might make you rush into handing over your credit cards, in the belief that your Mac has been compromised.
Don’t forget, the bad guys will use every dirty trick in the book to get their hands on your money.
Sophos customers should be protected, but if you have a Mac at home and want to defend yourself you can download our free anti-virus. It’s automatically updated to protect against the latest threats.