Two new pieces of malware for Mac OS X were recently discovered. Although there is indeed relatively less malware for Mac than for Windows, the many Mac users who still believe they are somehow magically immune to attacks run the risk of encountering either of these two.
One of them, a Trojan detected as OSX_RSPLUG.C, may be unknowingly downloaded by a user visiting malicious websites. These websites encourage users to download software supposedly needed to play a promised hardcore pornographic video; the software is actually a Trojan that renders the computer easy prey for hackers. It arrives as a .DMG file that contains a .PKG file. When executed, it displays a GUI installation window.
While the application is being installed in the background, it also executes Bash scripts obfuscated with a sed command. These scripts drop files that set up a cron job to run a component file. It also executes a Perl script that allows the malware to connect to servers to download and execute other scripts. This modifies the computer’s DNS server settings and redirects users to virtually any site of the cybercriminals’ choice. Users find themselves being led to phishing sites or sites where other malware can be downloaded.
As if one piece of malware were not enough, another, OSX_RSPLUG.E, has also been detected. Just like the first, the software that comes with the prompt is a Trojan that follows pretty much the same routine and has the same payload. The only difference is that, apart from being obfuscated with a sed command, the malware’s execution is also obfuscated with a UUEncode program.
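Both variants leave the same two traces described above: a cron job and changed DNS server settings. The following check is an added example, not part of the original post, that compares saved `crontab -l` and `scutil --dns` output against a known-good baseline. The sample text, paths, addresses, baseline and allowlist are constructed assumptions, not indicators from the malware.

```python
import re

# Constructed sample `crontab -l` and `scutil --dns` output; all values are placeholders.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
SHELL=/bin/sh
15 3 * * * /usr/local/bin/backup.sh
* */5 * * * /Library/Example/component 1>/dev/null 2>&1
@reboot /Users/alice/bin/sync-notes
"""
SAMPLE_SCUTIL_DNS = """\
resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
resolver #2
  nameserver[0] : 192.168.1.1
"""
# Hypothetical known-good state recorded by the administrator.
CRON_BASELINE = {"/usr/local/bin/backup.sh", "/Users/alice/bin/sync-notes"}
DNS_ALLOWLIST = {"192.168.1.1"}

CRON_JOB = re.compile(r"^(?:@\w+|(?:\S+\s+){4}\S+)\s+(.+)$")
NAMESERVER = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)")

def cron_commands(crontab_text):
    """Return each job's command, skipping comments and VAR=value lines."""
    commands = []
    for line in map(str.strip, crontab_text.splitlines()):
        if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
            continue
        if (m := CRON_JOB.match(line)):
            commands.append(m.group(1))
    return commands

def nameservers(scutil_text):
    """Return resolver addresses in first-seen order, without duplicates."""
    found = []
    for line in scutil_text.splitlines():
        if (m := NAMESERVER.match(line)) and m.group(1) not in found:
            found.append(m.group(1))
    return found

def audit(crontab_text, scutil_text, cron_baseline, dns_allowlist):
    """Return (cron jobs, DNS servers) that are absent from the known-good sets."""
    odd_cron = [c for c in cron_commands(crontab_text) if c not in cron_baseline]
    odd_dns = [n for n in nameservers(scutil_text) if n not in dns_allowlist]
    return odd_cron, odd_dns

print(audit(SAMPLE_CRONTAB, SAMPLE_SCUTIL_DNS, CRON_BASELINE, DNS_ALLOWLIST))
```

An entry reported here is only a deviation from the baseline and still needs review; the root crontab and each user's crontab have to be checked separately.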