A new Trojan for Mac is in the wild that mimics the actions of an installer. The malware tries to monetize the attack by having users enter their mobile phone numbers for the purpose of “activation” via a SMS message.
The detected threat called, “Trojan.SMSSend.3666″ was brought to light by Russian security firm Doctor Web. Previously, this fake installer scheme only existed on Windows.
How it works is when a user launches the fake installer on OS X, they are presented with the familiar interface of the installation wizard for an application:
In order to continue the installation process, the user is prompted to enter their cell number so they can input a code for activation that they will receive via SMS. By doing so, the user is charged a subscription fee debited to their mobile phone account on a regular basis.
VIA: The Next Web
Update: Apple has now updated its Xprotect.plist blacklist to allow OS X to detect and alert the user if downloaded.