Mac OS X malware posing as fake video codec discovered
Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as a fake video ActiveX object, found at a bogus Macintosh PortTube site.
The use of fake video codecs is a social engineering tactic so far used exclusively by malware targeting Windows, and seeing it in a Mac OS X malware attack proves that successful social engineering approaches remain OS independent.
"OSX/Jahlav-C is a Trojan created for the Mac OS X operating system. The initial malicious installer is distributed as a missing Video ActiveX Object.
As a part of the installation a malicious shell script file AdobeFlash is created in the /Library/Internet Plug-Ins folder and set up to run periodically. The script contains another shell script in an encoded format, which in turn contains a Perl script with the main malicious payload. The Perl script uses HTTP to communicate with a remote website and download code supplied by the attacker."
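A defender-side triage script for the persistence mechanism the quoted description lays out, written for this article as an added example (it is not the researchers' or ParetoLogic's code). It assumes the script name AdobeFlash and the plug-in folder from the quote, and it assumes the encoded stage is unpacked with a common decoder such as base64 or uudecode, which the article does not specify.

```shell
#!/bin/sh
# Triage helper for a Jahlav-style dropper (added example, not from the article).
# Legitimate Internet Plug-Ins are .plugin/.webplugin bundles, i.e. directories.
# A loose regular file that starts with a shebang, like the AdobeFlash script
# described above, does not belong there and is worth a closer look.
PLUGIN_DIR="${PLUGIN_DIR:-/Library/Internet Plug-Ins}"

# Print every regular file in directory $1 whose first line is a shebang.
find_script_plugins() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue              # skip bundles (directories)
        IFS= read -r first < "$f" || true     # file may lack a trailing newline
        case "$first" in
            '#!'*) printf '%s\n' "$f" ;;
        esac
    done
}

# Read crontab text on stdin and print the active entries that reference $1.
# The dropper persists by scheduling its script to run periodically.
find_cron_refs() {
    grep -v '^[[:space:]]*#' | grep -F -- "$1" || true
}

# Return 0 if script $1 looks like it unpacks an embedded stage.
# Assumption: the decoder is base64 or uudecode, or the stage is fed to perl.
has_encoded_stage() {
    grep -Eq 'base64|uudecode|perl' "$1"
}

# Stand-alone run: no output means nothing suspicious was found.
find_script_plugins "$PLUGIN_DIR"
crontab -l 2>/dev/null | find_cron_refs "$PLUGIN_DIR"
```

Run it as a user who can read the system plug-in folder and the relevant crontabs; it only reports, it changes nothing.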
The campaign also uses descriptively named files such as HDTVPlayerv3.5.dmg, VideoCodec.dmg, FlashPlayer.dmg, MacTubePlayer.dmg, macvideo.dmg, License.v.3.413.dmg, play-video.dmg and QuickTime.dmg.
"The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection."
Is the company finally making the right decision in raising security awareness of a threat that is likely to become a daily routine in the long term, or was it too slow to stop using the Mac's heavily advertised immunity to malware as a key differentiator?