Sophos


Apple Mac malware: caught on camera

Pob in our analysis labs blogged earlier this week about a new variant of the RSPlug Trojan horse for Mac OS X that he had written protection against.

One of the ways in which the OSX/RSPlug-F Mac Trojan horse is being distributed by hackers is in the form of a poisoned HDTV/DTV program called MacCinema.

As you'll see in this video, visiting a website that gives many of the signs of legitimacy can lead to you downloading a Trojan horse. Even for the Apple Mac.


Apple Mac malware: Caught on camera from Sophos Labs on Vimeo.

The video is also available on YouTube.

And don't try and tell me that this couldn't affect Mac OS X users because they would have to enter their administrator username and password to install the package. If they were prepared to download this program from this website, I feel pretty confident that they would enter their administrator details to allow installation too!

Mac users are no different to Windows users in this regard - this is social engineering, plain and simple.

Oh, and Windows users shouldn't feel too smug about this either. If you visit the site on a Windows computer, it will serve up a malicious Windows executable from the Zlob family of malware rather than a Mac OS X Trojan horse.

By the way, we tried this on both Firefox and Safari on the Apple Mac. It makes no difference. The attack does not depend on a browser vulnerability - it works by the user being convinced that this is a program that they would like to run on their computer.

