Latest Mac malware adds to 'troubling trend,' says security expert

Apple has updated its XProtect definitions after a new malware variant appeared, targeting Russian social network users. One security expert says the increase in OS X-specific malware is "troubling." However, the increase in Mac malware should not be overblown.
Written by Zack Whittaker, Contributor
A fake OS X installer that asks for a cell phone number. Image credit: Dr. Web

Earlier this week, Apple updated XProtect, the built-in OS X anti-malware service, with new definitions to help combat a new Trojan designed for the Mac operating system, dubbed Trojan.SMSSend.3666.

While already in wide circulation among Windows users, the Trojan made its debut on OS X machines in this new malware strain. Trojan.SMSSend.3666 is a fake installer application that claims to play music across Russian social network VK.com. It can be downloaded from a variety of sources and attempts to deceive the user into entering a cell number to activate the software. In doing so, it subscribes the cell user to a chargeable subscription service that debits mobile phone accounts regularly.

Apple updated XProtect in a two-day turnaround, despite the low threat posed by the malware. Numerous other Mac-focused third-party anti-virus services were updated within 24 hours. 

In the past year alone, Apple has combated a number of malware attacks on its OS X operating system. Flashback resulted in more than 600,000 Apple machines being infected earlier this year. And, while the increase in OS X malware shows a "troubling trend," according to one Mac expert, most Mac users should not panic, but also not remain complacent.

Security and Mac expert Thomas Reed said that Russian malware writers were likely behind the Trojan and are "aiming at a target that they are familiar with." 

While Flashback was a problem for Mac users worldwide, an increasing amount of Mac-related malware is focused on users outside the U.S., according to Reed. "Many have been aimed specifically at Tibetan human rights groups and the Dalai Lama."

But above all else, the overall Mac malware threat should not be underestimated for the future, nor overestimated for the present. The latest Trojan.SMSSend malware is "not really a big deal, but it adds to a troubling trend," Reed told ZDNet.

"By my current count, including SMSSend, there are now 35 different malware families that have ever affected OS X. Most of those are strung out over the history of OS X, but ten [around 28 percent] of all those malware families appeared this year alone." He added this rises to 11 out of 36 -- or just over 30 percent -- if you count the 2011 and 2012 variants of Flashback as different.

Reed said that over the past year, "Macs have become a larger target for malware writers, due to their newfound popularity." But, he warned that the increased threat should be taken with a pinch of salt and not be blown out of proportion.

In the fourth quarter alone, Apple said during its earnings that it had sold 4.9 million Macs during the three-month period ending in September, an increase of 1 percent on the same quarter a year ago. Apple also shipped more Macs than any other machines sold by an individual PC manufacturer during the same quarter, the firm said.

According to Net Applications, Apple has a Mac market share of 7.3 percent as of November, an increase of more than 1 percentage point over the same month a year ago.

As Reed notes, ten new strains of Mac malware per year is still quite low relative to the Windows world. The bigger threat is social engineering, which is harder to block with technology. Reed said: "...obviously there will always be users who can be tricked into doing something they shouldn't."
