All good things must come to an end it would appear. A touch melodramatic but, you’ll get the point. There is a piece of malware making the rounds according to vnunet.com that targets Mac OS X. This particular beastie is a phishing trojan called OSX.RSPlug.A is masked to look like a video codec.
From vnunet.com:
Users attempting to install the codec receive a piece of malware classified as a ‘DNS Changer’. The software changes the way OS X will handle the DNS requests that are used to link numerical IP addresses to web URLs. The tool allows the attackers to redirect web traffic. Users attempting to visit Paypal, Ebay or certain banking sites for instance will be directed to a phishing website instead.
If confirmed, the trojan would be the first piece of truly malicious software to be targeted at OS X. Researchers have previously developed OS X attacks and exploits, but those were largely proof-of-concept attacks that lacked a malicious payload.
At this point it has not been confirmed by any of the major AV houses. The vendor that claimed the find, Intego, has not been available for comment.
UPDATE: Well damn. Just when I was starting to think that this was some company trying to drum up business, there is corroboration.
McAfee has confirmed the OSX.RSPlug.A trojan and reported that it is spreading through fake codec sites in addition to the porn website.
Tags: OS X Malware, Phishing Trojan, Malware, Trojan, OS X Trojan
