Dr.Web discovers fake-installer Trojan(SMSSend) for Mac OS

 

Apple users have had the luxury of lower number of infections so far compared to other platforms. Dr Web, a Russian antivirus company discovers a fake installer trojan.SMSSend.

Trojan.SMSSend.3666 is the Mac variant within the Trojan.SMSSend family of fake installers. These kind of Trojans have been infecting Windows users for years. These appear to be legitimate software with standard set of installation wizard like any other software.

The attackers rely on SMS fraud to monetize their scam, so the install-wizard prompts its victims to enter their cell-phone number into the designated field then sends a code to that user’s mobile device asking them to confirm the code back into the installer. Use rs that do this are unwittingly agreeing to the terms of a fairly typical SMS subscription scam that charges exorbitant fees to the user’s mobile phone account in exchange for meaningless SMS messages.

 

 


Dr Web  says ”  Trojan.SMSSend programs are found in large numbers on the Internet. These are fake installers available on various sites disguised as distributions of legitimate software. When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the “installation” fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis. Such installers usually contain meaningless data or the programs they are supposed to install, which in fact can be downloaded from official sites of their developers free of charge.

 Trojans of this family used to plague Windows users, but Trojan.SMSSend.3666 targets owners of Apple computers. When the fake installer is launched, it displays the installation window of VKMusic 4 for Mac OS X, an application designed to listen to the music on a popular Russian social networking site. However, to activate the program, attackers traditionally require a cell phone number and a confirmation code. ”

Refer all : http://news.drweb.com/show/?i=3138
Share Button
Tagged with 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>