While still low-intensity compared to the PC platform, malware attacks against Macs are definitely becoming more prevalent. Trend Micro researcher Ivan Macalintal has found another new variant of the JAHLAV family hosted on known malicious domains. The new variant is detected as OSX_JAHLAV.I and, like other JAHLAV variants, poses as pirated versions of legitimate applications and modifies the system’s DNS settings, allowing affected users to be victimized by phishing attacks or surreptitiously redirected to sites which might harbor malicious exploits.
Unlike the earlier variants, which only posed as versions of QuickTime, this one also poses as pirated versions of Foxit Reader and several antivirus applications. In addition, like the June variant of JAHLAV (OSX_JAHLAV.B), at least one website hosting OSX_JAHLAV.I could also deliver malware onto Windows systems, although that file is no longer available from the website.
Both Mac and Windows users are protected by the Smart Protection Network against this threat, as the websites involved are already blocked and the malicious files are detected as noted above.