SecureMac claims to have discovered a new trojan horse that affects Mac OS X, including Snow Leopard. The malware, dubbed trojan.osx.boonana.a, is spreading through social networking sites, SecureMac warns, disguised as a video.
The security firm reveals that “The trojan is currently appearing as a link in messages on social networking sites with the subject ‘Is this you in this video?’”
“When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system,” it explains.
The trojan is reportedly tasked with periodically checking in with command and control servers to report information on the infected system, and runs invisibly in the background at startup.
“While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites,” SecureMac claims.
The company cites Nicholas Ptacek, one of its own security researchers, as saying “This is a sobering reminder that hackers are turning their efforts toward Mac OS X as Apple's marketshare grows, and users should be vigilant in protecting their computers and taking precautions when surfing the web.”
As such, SecureMac has released a free removal tool to help eliminate this threat (download link further down). It rates the security risk as “Critical”.
Alternatively, users can stay on the safe side by simply turning off Java in their web browser. To do this in Safari, click the Security tab under Safari Preferences, and un-tick the “Enable Java” checkbox.
While the threat is real, as rival security firm Intego admits, the threat level is not very alarming, according to their latest blog post.
“While Intego has evidence of several infections in the wild, we are not currently able to go beyond this step, as either the malicious malware has bugs preventing it from running correctly, or the servers it contacts are not active or are not serving the correct files,” reads a memo from the self-touted Mac security specialist.
In fact, the malware in question is labeled by Intego as “especially malicious”, but the security software vendor stresses that “the current Mac OS X implementation is flawed, and the threat is therefore low.”
“However, Mac users should be aware that this threat exists, and that it is likely to be operative in the future, so this […] Trojan horse may become an issue for Macs,” it adds.
For their part, Intego are pushing VirusBarrier X5 and X6 onto customers looking to protect their Macs from this kind of infection, as well as other kinds of malware.
The only difference between SecureMac’s Boonana Removal Tool and Intego’s VirusBarrier is the price.
Notably, VirusBarrier costs € 59.95. SecureMac’s simple tool, admittedly targeting this single piece of malware, is free.

Download Boonana Removal Tool (Free)
Download VirusBarrier (Update / Trial / Buy)