First Fake Installer Trojan Hits OS X


Just breaking via TNW: a new Trojan named “Trojan.SMSSend.3666” has been found by the security firm Doctor Web. The fake installer asks the victim to put in their mobile number to receive a code. This then triggers an automatic subscription fee tacked onto the user’s account. While these fake installers are common for Windows users, this is the first time one has been found for Macs.

TNW pointed out in their post—First OS X Fake Installer Malware Spotted—that the installer may or may not even install the app people think they are getting, but that doesn’t matter if the bad guys already have you on the hook for their subscription fee:

A new Trojan for Mac has been discovered that mimics the actions of an installer. The malware attempts to monetize the attack by having users enter their mobile phone numbers for the purpose of “activation.”

[...]

In order to continue the “installation process,” the user is prompted to enter their cellphone number into the corresponding field and then input a code they are to receive via SMS. By doing so, the user is charged a subscription fee debited to their mobile phone account on a regular basis.

After that, the cybercriminal has achieved his or her goal. The installer in question doesn’t even have to complete: Doctor Web says it has found installers that install the legitimate apps they claim to mimic, which are of course also available for free on their corresponding official sites, as well as ones that contain meaningless data.

Details on this trojan can be found on the Dr.Web post.

How to prevent this? Well, this is where the new software protections built into Mountain Lion come in. If you have your security settings set to allow only “Mac App Store and identified developers”, then your risk is much lower. If you have it set to “Anywhere” and download software from any place on the net, well, you might pick up something unexpected with that installer.
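The same setting can be checked from Terminal, and a downloaded installer can be assessed before it is opened. This is an added example, not part of the original post: it uses macOS's `spctl` tool, and the function names and the sample path are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check Gatekeeper's policy and
# ask it to assess a downloaded installer before you open it.
# Function names are this example's own.

# Interpret the text printed by `spctl --status`.
# "assessments disabled" is the state the "Anywhere" setting leaves you in.
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo "enforcing" ;;
        *"assessments disabled"*) echo "anywhere" ;;
        *)                        echo "unknown" ;;
    esac
}

# Choose the spctl assessment type for a download by its extension.
assess_type() {
    case "$1" in
        *.pkg|*.mpkg) echo "install" ;;      # installer packages
        *.app|*.app/) echo "execute" ;;      # application bundles
        *)            echo "unsupported" ;;
    esac
}

# Report the policy, then let Gatekeeper judge the file. Returns 0 only if
# Gatekeeper is enforcing and the file passes the current policy.
check_download() {
    target="$1"
    state=$(gatekeeper_state "$(spctl --status 2>&1)")
    echo "Gatekeeper: $state"
    [ "$state" = "enforcing" ] || { echo "Gatekeeper will not block unsigned software"; return 2; }

    type=$(assess_type "$target")
    [ "$type" != "unsupported" ] || { echo "Don't know how to assess $target"; return 2; }

    if spctl --assess --type "$type" -v "$target"; then
        echo "Accepted by the current Gatekeeper policy"
    else
        echo "Rejected: do not open $target"; return 1
    fi
}

# Run only when given a path on a Mac, e.g.: sh check.sh ~/Downloads/Setup.pkg
if [ $# -gt 0 ] && command -v spctl >/dev/null 2>&1; then
    check_download "$1"
fi
```

A pass here only means the file is signed in a way the current policy accepts; it says nothing about what the installer asks you to type into it.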

Downloader beware.


  • http://twitter.com/massa0000 Humberto Massa

    LibreOffice is not signed. Following the given advice will lock the user out of a lot of useful and reliable Free and Open Source Software.

    • http://trishussey.com Tris Hussey

      True, but those who use LibreOffice also tend to be those who are less likely to fall for this anyway.

      • Zangpakto

        Exactly, I think more than likely it is your average user that might fall for this and where Mountain Lion's security will shine.

        I mean most people would get Office and maybe one or two games (all either on DVD or available on App Store). They won't install 3rd party software to do something when they can access apps easily. However if they do accidentally, then at least there is a security measure to stop 'em.

        But seriously, mobile activation for free software? Who falls for these things anyway…

        • Pacomacman

          I used to have a Hotmail account but after not using it for some time Microsoft froze the account. To unfreeze it they wanted my mobile number to verify my identity… Result, I dumped Hotmail!