In yet another blow to the tenuous false sense of security among Apple users, the Russian antivirus firm Dr. Web has uncovered what it claims is a first-of-its-kind fake installer Trojan targeting Mac machines and extorting their users with SMS fraud.

Trojan.SMSSend.3666 is the Mac variant within the Trojan.SMSSend family of fake installers. Windows users have had trouble with these sorts of Trojans for years. In general, members of the Trojan.SMSSend family pose as legitimate applications or software available for download on any number of Websites. Users that choose to install them are presented with what appears to be a genuine installation wizard.

The attackers rely on SMS fraud to monetize their scam, so the install wizard prompts its victims to enter their cell-phone number into the designated field, then sends a code to that user’s mobile device and asks them to enter the code back into the installer to confirm it. Users that do this are unwittingly agreeing to the terms of a fairly typical SMS subscription scam that charges exorbitant fees to the user’s mobile phone account in exchange for meaningless SMS messages.

Trojan.SMSSend.3666, the Mac-targeting version, is disguised as a program called VKMusic 4 for Mac OS X. The real VK Music application can be found in the Google Play store and appears to be an authentic service that provides two-way synchronization between user machines and the popular Russian social network, VK.

The installer was created using a Russian-language affiliate program called ZipMonster. According to Dr. Web, ZipMonster is popular among cybercriminals for creating such fake installers and delivering payments to malware distributors.

SMS or toll fraud is rapidly emerging as the primary threat faced by mobile users, particularly those using Android devices.

Apple users have long enjoyed a relatively malware-free lifestyle. Detractors claim this has nothing to do with security features built into the OS X platform but is rather a reflection of Apple’s relatively small market share (compared to Windows). Hard to say for certain why Macs have had the easy road, but experts have long predicted that that road will come to an abrupt end sometime soon. While those predictions have yet to come to real fruition, we are still seeing a trickle of Mac-malware incidents from week to week.


Comments (9)

  1. Anonymous

    We all know that all computers are vulnerable to viruses. Let’s have no delusions that viruses can’t be written for Windows, Mac, or Linux by a determined party.

    Just because one has been found to affect Mac users does not mean that the Mac is an inherently unsafe platform (as much as Eugene would like us to believe that). 

    Thanks for the update on the trojan though.

  2. Anonymous

    So, Google Play is hosting malware for OS X now? Anyone can write malware for any OS, but isn’t Google supposed to vet software before they distribute it in the store? This is much more a failure on Google’s part than Apple’s.


  3. Anonymous

    Search Wikipedia for FlashBack Trojan, Apple intentionally left older versions of OS X vulnerable, and even delayed on newer machines until there was a botnet of over 700,000 compromised Macs. Search krebsonsecurity for “Apple took 3+ years to fix FinFisher”, two cases where Apple has intentionally allowed vulnerabilities to remain in place. What’s the use in the Mac’s better security if idiots are in charge of it?

  4. Anonymous

    I should rather say, “What’s the use in OS X’s > BSD Unix core security if the idiots at Apple are in charge of it”

