Fake Installer Malware SMS Trojan Mac

A new Trojan for Mac is in the wild that mimics the actions of an installer. The malware tries to monetize the attack by having users enter their mobile phone numbers for the purpose of “activation” via a SMS message.

The detected threat called, “Trojan.SMSSend.3666″ was brought to light by Russian security firm Doctor Web. Previously, this fake installer scheme only existed on Windows.

How it works is when a user launches the fake installer on OS X, they are presented with the familiar interface of the installation wizard for an application:


In order to continue the installation process, the user is prompted to enter their cell number so they can input a code for activation that they will receive via SMS. By doing so, the user is charged a subscription fee debited to their mobile phone account on a regular basis.

VIA: The Next Web

Update: Apple has now updated its Xprotect.plist blacklist to allow OS X to detect and alert the user if downloaded.

Tagged with: , , , , , , , , ,
Posted in Macintosh

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enter your email address to follow this site and receive notifications of new posts by email.

Join 197 other subscribers
wordpress com stats plugin
%d bloggers like this: