In yet another blow to the tenuous false sense of security among Apple users, the Russian antivirus firm Dr. Web has uncovered what it claims is a first-of-its-kind fake installer Trojan targeting Mac machines and extorting their users with SMS fraud.
Trojan.SMSSend.3666 is the Mac variant within the Trojan.SMSSend family of fake installers. Windows users have had trouble with these sorts of Trojans for years. In general, members of the Trojan.SMSSend family pose as legitimate applications or software available for download on any number of Websites. Users that choose to install them are presented with what appears to be a genuine installation wizard.
The attackers rely on SMS fraud to monetize their scam, so the install wizard prompts victims to enter their cell-phone number into the designated field, then sends a code to that mobile device and asks them to enter the code back into the installer. Users who do this are unwittingly agreeing to the terms of a fairly typical SMS subscription scam that charges exorbitant fees to the user’s mobile phone account in exchange for meaningless SMS messages.
Trojan.SMSSend.3666, the Mac-targeting version, is disguised as a program called VKMusic 4 for Mac OS X. The real VK Music application can be found in the Google Play store and appears to be an authentic service that provides two-way synchronization between users’ machines and the popular Russian social network, VK.
The installer was created using a Russian-language affiliate program called ZipMonster. According to Dr. Web, ZipMonster is popular among cybercriminals for creating such fake installers and delivering payments to malware distributors.
SMS or toll fraud is rapidly emerging as the primary threat faced by mobile users, particularly those using Android devices.
Apple users have long enjoyed a relatively malware-free lifestyle. Detractors claim this has nothing to do with security features built into the OS X platform but is rather a reflection of Apple’s relatively small market share (compared to Windows). Hard to say for certain why Macs have had the easy road, but experts have long predicted that that road will come to an abrupt end sometime soon. While those predictions have yet to come to real fruition, we are still seeing a trickle of Mac-malware incidents from week to week.