Trend Micro said in a blog posting on Wednesday that it had discovered several fake Snow Leopard download sites that serve up a DNS (domain name system) changer Trojan dubbed OSX_JAHLAV.K instead.
See also: Special Report: Snow Leopard
The Trojan alters the DNS configuration and includes two additional IP addresses in its DSN server, the blog states. Users can then be redirected to phishing sites, some of which are reportedly hosting rogue antivirus software called FAKEAV, Trend Micro said.
Snow Leopard is due to be released to the public on Friday. Mac users should get Snow Leopard directly from Apple, Trend Micro said.
This article was originally published on CNET News.