    Two new pieces of malware for Mac OS X were recently discovered. Although there is relatively little Mac malware compared with Windows, Mac users who still believe they are somehow magically immune from attacks run the risk of encountering either of these two.

    One of the newest pieces of Mac OS X malware, a Trojan detected as OSX_RSPLUG.C, may be unknowingly downloaded by a user visiting malicious websites. These websites encourage users to download software that is supposedly needed to play a promised hardcore pornographic video; the download is actually a Trojan that renders the computer easy prey to hackers. It arrives as a .DMG file that contains a .PKG file. When executed, it displays the following GUI installation window:

    [Image: OSX_RSPLUG installer GUI]

    While the application is being installed in the background, it also executes Bash scripts obfuscated with a sed command. These scripts drop files that set up a cron job to run a component file. The malware also executes a Perl script that allows it to connect to servers to download and execute other scripts. This routine modifies the computer’s DNS server settings and redirects users to virtually any site of the cybercriminals’ choice. Users find themselves being led to phishing sites or to sites where other malware can be downloaded.

    As if one piece of malware were not enough, another, OSX_RSPLUG.E, has also been detected. Just like the first, the software that comes with the prompt is a Trojan that follows much the same routine and has the same payload. The only difference is that, apart from being obfuscated with a sed command, the malware’s execution is also obfuscated with a UUEncode program.

    Trend Micro’s Smart Protection Network already detects OSX_RSPLUG.C and OSX_RSPLUG.E and provides solutions for their cleanup and removal.
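
A static triage pass over a package's install scripts that flags the behaviours described above: sed or uudecode used to hide commands, cron changes, inline Perl and DNS changes. This is an added example, not Trend Micro's detection logic; the rule patterns, the `triage` and `verdict` names and both sample scripts are constructed assumptions.

```python
import re

# Heuristic patterns for the behaviours the post describes. They are
# assumptions for illustration, not vendor signatures for OSX_RSPLUG.
RULES = {
    # sed output handed straight to a shell, or passed through eval
    "sed_output_executed": re.compile(
        r"\bsed\b[^\n|]*\|\s*(?:/bin/)?(?:ba)?sh\b|\beval\b.*\bsed\b"),
    "uudecode_used": re.compile(r"\buudecode\b"),
    "cron_modified": re.compile(r"\bcrontab\b|/etc/crontab\b"),
    "perl_inline": re.compile(r"\bperl\s+-e\b"),
    "dns_changed": re.compile(
        r"\bscutil\b|\bnetworksetup\s+-setdnsservers\b|/etc/resolv\.conf\b"),
}
OBFUSCATION = {"sed_output_executed", "uudecode_used"}

def triage(script_text):
    """Map each matched rule name to the line numbers where it fired."""
    findings = {}
    for lineno, line in enumerate(script_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comments and the shebang are not commands
        for name, pattern in RULES.items():
            if pattern.search(line):
                findings.setdefault(name, []).append(lineno)
    return findings

def verdict(findings):
    """'review' when obfuscation co-occurs with a cron, Perl or DNS hit."""
    hidden = OBFUSCATION & findings.keys()
    effect = findings.keys() - OBFUSCATION
    if hidden and effect:
        return "review"
    return "note" if findings else "clean"

# Constructed, inert samples (not taken from the malware).
SAMPLE_SUSPECT = "\n".join([
    "#!/bin/sh",
    "# constructed sample",
    "echo 'eXcXhXo hello' | sed 's/X//g' | sh",
    "uudecode -o EXAMPLE_OUT EXAMPLE_IN.uu",
    "crontab EXAMPLE_CRON_FILE",
])
SAMPLE_BENIGN = "\n".join([
    "#!/bin/sh",
    "sed -i '' 's/old/new/' \"$2/etc/example.conf\"",
    "exit 0",
])

if __name__ == "__main__":
    for label, text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, verdict(triage(text)), triage(text))
```

A plain in-place `sed` edit, as in the benign sample, is not flagged; only sed output that is executed counts as obfuscation here.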


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice