Apple Mac users warned of web-based malware threats

Sophos Press Release

RSPlug-F Mac Trojan horse distributed via HDTV website

IT security and control firm Sophos is warning Apple Mac users to be on their guard against websites hosting malicious code designed to infect their systems. The advice follows the discovery of a new version of the OSX/RSPlug Trojan horse that is being distributed via a legitimate-looking website offering HDTV software.



"There is much less malware for the Apple Mac than there is for Windows, but that doesn't mean that Apple fans can hide their head in the sand like ostriches," said Graham Cluley, senior technology consultant for Sophos. "Mac users are no different to Windows users when it comes to falling for social engineering tricks like this - they are just as likely to install and run this program on their computer if they believe it will help them watch high definition TV."

Sophos notes that the criminal gang behind this malware attack is targeting Windows computers as well as Mac OS X.

"Windows users shouldn't be feeling smug about this attack against Mac users. If you visit the website from a Windows computer, it will serve up a malicious Windows executable from the Zlob family of malware rather than the RSPlug-F Mac OS X Trojan horse. By targeting both platforms with their malicious website, the hackers can kill two birds with one stone," explained Cluley. "Once a piece of malware like this is in place on your computer, it can do whatever the hacker wants it to do. Mac users are gambling with the security of their data if they believe they are somehow magically immune from threats that Windows users have lived with every day for years."

Sophos experts have determined that the RSPlug-F Trojan horse changes the DNS settings on Apple Mac computers, meaning users may find they are taken to bogus websites which may attempt to steal personal information, display revenue-generating adverts, or install further malware.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.