Tweet

Malware targeting machines running on Mac OS are quickly becoming quite common, with new variants appearing on a seemingly monthly basis. Just last week, our friends at Intego reported of new variant of the RSPLUG Trojan in the wild.

Taking its cue from the routines of the first RSPLUG malware, this latest incarnation no longer limits itself to porn sites. It has been determined to be hosted in several websites linked to one another, offering keygens, cracks, and serial numbers for Mac applications.

Detected by Trend Micro as OSX_RSPLUG.B, this malware arrives on an affected system as a downloaded file from the Web and uses the file name serial_Avid.Xpress.Pro.5.7.2.dmg. And like the earlier variant, it also causes the affected system to redirect to a malicious URL by modifying the system’s network settings.

Worthy of note is its similarity to last month’s Mac Trojan, detected as OSX_KROWI.A, that piggybacked on pirated versions of Apple iWorks 2009 and Adobe Photoshop for Mac. Both incidents appear to ride on the ease-of-use and predictability of software installation on Macs – an apparently successful social engineering ruse.

Perpetrators of these malware continue to circumvent stumbling blocks in directly infecting Macs by tapping into the weakness and gullibility of users downloading and installing pirated software. Trend Micro reiterates its advice to users to use legitimate software only to avoid brushes with these types of security concerns. The Smart Protection Network already detects OSX_RSPLUG.B and provides solutions for its cleanup and removal.