
    Reports are circulating that a fake installer for Mac OS has surfaced, proving that Mac OS is still fair game when it comes to web threats.

    Our friends from Dr. Web have uncovered a fake installer for Mac OS X. Detected as OSX_ARCHSMS.A, this threat may be encountered by users who download from websites peddling supposedly legitimate software. Once installed, it shows an image that looks like an installation wizard window.

    The curious aspect of this threat is that OSX_ARCHSMS.A asks users for their cellphone number and for the verification code to be sent via SMS. When done, users are prompted to agree with the terms and conditions of the program, which include being charged regularly via their mobile phone account. Needless to say, no program is installed and users end up being charged for a fake (and non-existent) program.

    If this ruse, in particular the charging of a user’s mobile account, looks familiar, you may have read about malicious Android apps known as premium service abusers. Usually disguised as legitimate apps, they are known to register users to premium services and to send SMS messages and make calls without their consent or knowledge, thereby incurring unnecessary charges for users. Some notable cases of premium service abusers include malicious versions of Bad Piggies and Adobe Flash Player for Android.

    But this fake installer is a first on two different fronts: the first premium service abuser affecting Mac users and the first premium service abuse done under the guise of a fake installer. This is an interesting mix of techniques, which only proves that cybercriminals can be a crafty lot – especially if they want money from users.

    This fake installer is certainly not the first threat to hound Mac OS. Early this year, Flashback made headlines, not only because it targeted the said platform, but because of its scope and impact on users. We also previously found other noteworthy threats that Mac users should be aware of.

    To stay protected, users must refrain from downloading files and programs from unverified sources and websites. Mac or no Mac, users must be cautious with their activities online. Users may think that they are saving money by downloading these “free” or discounted installers online – but they end up paying more.

    Trend Micro Smart Protection Network™ protects users from this threat by detecting and deleting OSX_ARCHSMS.A if found on a user’s system. Apple was also quick to address this issue.

    With additional analysis from Threat response engineer Mark Manahan

    Update as of December 17, 2:10 PM PST

    Windows-based systems are also infected by this threat, which Trend Micro detects as TROJ_ARCHSMS.VK. Similar to OSX_ARCHSMS.A, it also shows a window telling users to send an SMS to a premium-rate number to install the supposed VK Player. As such, users are charged via their mobile phone accounts.








     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice