Apple users have had the luxury of lower number of infections so far compared to other platforms. Dr Web, a Russian antivirus company discovers a fake installer trojan.SMSSend.
Trojan.SMSSend.3666 is the Mac variant within the Trojan.SMSSend family of fake installers. These kind of Trojans have been infecting Windows users for years. These appear to be legitimate software with standard set of installation wizard like any other software.
The attackers rely on SMS fraud to monetize their scam, so the install-wizard prompts its victims to enter their cell-phone number into the designated field then sends a code to that user’s mobile device asking them to confirm the code back into the installer. Use rs that do this are unwittingly agreeing to the terms of a fairly typical SMS subscription scam that charges exorbitant fees to the user’s mobile phone account in exchange for meaningless SMS messages.
Dr Web says ” Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available on various sites disguised as distributions of legitimate software. When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the “installation” fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis. Such installers usually contain meaningless data or the programs they are supposed to install, which in fact can be downloaded from official sites of their developers free of charge.