Critical security risk posed by new 'Boonana' Trojan horse for OS X

A new Trojan horse that affects Mac OS X has been uncovered by Macintosh security site SecureMac. The Trojan is called "trojan.osx.boonana.a" and is being disguised as a video and distributed through social-networking sites like Facebook.

Topher Kessler MacFixIt Editor

The Trojan horse appears as a link on people's Facebook pages that may have the text "Is this you in this video?" in the link. When the link is clicked, the Trojan will run a Java applet that will download other files to the computer and run an installer automatically.

The Trojan will run in the background and appears to report system information to servers on the Internet, which can be a big breach of personal information. The Trojan also will attempt to spread itself by sending messages from the user account to other people through spam e-mail messages.

As with most Trojans, this will require you to enter your password to install the software and make modifications to the system, so be sure you never supply your password unless you specifically open an installer file and know and trust where that installer came from.

Unlike others in the past, this Trojan was built in Java and is cross-platform compatible, so it can run on both Windows and multiple versions of OS X, including the latest Snow Leopard release.

Expect antivirus and malware scanner software companies to release updated malware definitions to tackle this threat, but meanwhile be sure to verify with your friends that videos on their social media sites are legitimate. Additionally, if you run a video from an e-mail or Facebook site and it asks for a password, do not supply it with anything, quit the installer, and remove the video from your system.

The installer cannot do anything to your system if you do not supply your password, so unlike a virus that can self-propagate, this should be relatively easy to remove by just deleting the file. Once the Trojan is installed, however, removing its components will be a lot more difficult.

SecureMac has a removal tool for people who have installed this Trojan, so if you are unsure about whether your system is compromised, then we recommend you run the removal tool to be on the safe side: SecureMac Trojan Removal Tool.

For more information on this new threat, see the SecureMac Boonana security bulletin.

UPDATE: Security firm Intego has released a security bulletin of its own, mentioning they have been monitoring this threat for a while. In contrast to the bulletin by SecureMac, they call the threat level posed by this Trojan relatively low given its flawed implementation in OS X. Nevertheless, it has the potential to be developed into a more serious threat, so people should be aware of it and avoid it.


