X

New Trojan attempts SMS fraud on OS X users

The threat is minimal, but perhaps costly for those who fall for it.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler
2 min read

The Russian security firm Dr. Web has uncovered another malware attempt on OS X systems that tries to exploit users with SMS fraud.

The new malware is a Trojan horse, dubbed "Trojan.SMSSend.3666," and is part of a family of Trojan malware for Windows and other platforms that have affected Windows users for years.

As with all Trojans, these pose as legitimate programs that are made available for download from a number of underground Web sites, with this current one for OS X appearing to be an installer for a program called VKMusic 4, a utility whose legitimate version is used for communication between machines on a European social network called VK.

During its installation, the malware triggers an SMS fraud routine where it asks users to enter cell phone numbers, then sends them SMS messages to confirm, which then subscribes the users to a scam that charges high fees for junk messages being sent to their phones.

Unlike recent malware targeted at OS X, this one is not a Java-based attempt to hack the system and install dropper programs that open backdoor access to the system. This one is built as a Mach-O binary that uses the OS X native runtime; however, this change does not alter the threat level significantly. Since the malware is distributed through underground means and requires specific user interaction both to install, and then subsequently and knowingly provide private information, it is a relatively minimal threat.

However, despite its slight impact, it does add yet another instance to the relatively short list of malware for OS X as compared to those for Windows and other platforms.

As with other recent malware for OS X, this one appears to be built specifically to fool those that use the European VK social network, as opposed to being a more widespread attempt, as was seen with the MacDefender malware.

Currently Apple's XProtect malware definitions have not yet been updated to identify this new scourge, but as it gets analyzed and identified by security firms, the definitions will spread out for various anti-malware utilities. However, overall the main security tips emphasized by this development are to first check where any installer for your system came from, and then be cautious about giving out personal information including phone numbers and addresses. This is especially true for any installer you downloaded from a site that is not directly from the developer itself.



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.