Mac trojan attack gathers steam

Mac trojan attack gathers steam


Mac attack being served up with PC malware

The OSX.RSPlug.A phishing trojan that targets users of Apple's OS X operating system has been found to be much more widespread than originally believed, say experts.

David Marcus, security research and communications director for McAfee said that the trojan has spread to several sites that offer fake codecs. The first reports about the worm indicated that it was distributed as a codec on a porn website that was advertised in spam messages posted on Mac bulletin boards.

The attackers behind the sites crafted their malware to detect the visito's operating sytem, allowing them to serve up a tailormade exploit and thereby guaranteeing a higher rate of infections.

McAfee confirmed that, as reported earlier by Intego, the trojan infects Mac users with a DNS changer. The changer re-directs web traffic from legitimate sites to either phishing pages or sites that serve ads.

Although the trojan being distributed by more sites than originally believed, Marcus noted that there are still few actual infections being reported.

The trojan is believed to be the first functional piece of malware to be released for OS X. If

How it fares could determine whether other malware authors follow suit, said Marcus. If the trojan is succesful at infecting machines, malware writers are bound to repeat the attack method, he argued.

"Ultimately, if the malware is successful and it can make the malware writer money on the Mac platform, it could catch on."