Malware? On the Mac? Barely a year ago, saying something like that to a Mac user would be akin to blasphemy against the walled Apple ecosystem. But now that a new Trojan has been found on OS X which has the potential to completely disable the OS’s access protection features, it seems like Mac users can no longer use ‘security’ as a reason to justify using Mac OS X over Microsoft Windows.
Read on to find out more about this trojan.
Surprise, surprise! Apple’s claims of OS X being well-defended against the threat of malware have just been debunked by the release of a new trojan horse which security firm SecureMac claims is capable of unleashing some serious trouble on that copy of OS X installed on the Mac.
Known as trojan.osx.boonana.a, the trojan works by disguising itself as a video being hosted on social networking sites, which in turn is linked via a text URL posted on most popular social networking sites. And to top off the disguise, the post in which it appears also has a fairly innocent-sounding subject which asks potential victims whether they were able to identify themselves in the ‘video’.
Of course, any web-savvy user would be immediately wary about clicking on an unfamiliar link with an overly innocent subject in any online social networking site. However, it appears that some users were trusting enough to actually access those links, and that was where the ‘fun’ started.
When the link is accessed, the trojan starts to execute itself as a Java applet which is somehow capable of bypassing Mac OS X’s built-in sandboxing protection scheme. SecureMac did not elaborate on how the applet was able to do so, but the company stated that upon gaining access to the Mac, the trojan will download a list of files and an installer, which launches automatically. And when the installer runs, it proceeds to install modified versions of the OS X system files and disables OS X’s password verification, thus allowing all forms of external access into the system.
In addition to dumping its payload and wrecking system files, the trojan is also capable of running silently in the background on startup while linking with a botnet to send and receive information from the infected Mac. Last but not least, the trojan has also been reported to be capable of spreading itself through emails and spam messages on popular social networking websites.
Sounds nasty? Well, it appears that the trojan’s ability to infect other Macs has been called into question by a competing antivirus company, Intego. While Intego agrees that the trojan’s ability to modify system files and run invisibly with minimal user interaction is a real threat, the company claims that it was not able to reproduce the part where it infects other Macs via spam mail and messages. It attributes this to either the presence of bugs in the trojan or a dormant botnet which has yet to be activated, either of which greatly diminishes its ability to propagate and spread.
Either way, it does not change the fact that Apple’s OS X is slowly but surely becoming a target for malware authors, and this announcement of a new trojan for the Mac platform is proof. How Apple and Oracle will react to this remains to be seen, but we definitely will not be holding our breath. Especially not after Apple announced that support for Java will be dropped on the upcoming OS X 10.6, Lion.
And until the security hole has been patched, Mac users might want to seek a little ‘Web Safety 101’ from users of other ‘battle-hardened’ operating systems. Like Microsoft Windows Vista and Windows 7.