A new Trojan horse for Mac OS X?

Graham Cluley

Mac OS X malware

As Numaan points out on the SophosLabs blog, a “new” Trojan horse for the Apple Mac OS X operating system has been discussed in the security community for the last few days.

For instance,

The Trojan horse is closely related to the OSX/RSPlug Trojan horse for Mac OS X that we have seen being distributed in the wild since November 2007.

As with RSPlug, this most recent Trojan horse is being spread in an unoriginal way. Joe User visits a website expecting to see a video of something pornographic, but is told that they have to install a ‘missing Video ActiveX object’ before it can be viewed. The downloaded software, however, is in reality a piece of Mac OS X malware.

Of course, Apple Mac malware is still relatively unusual compared to the thousands of new Windows-based samples we see every day – so it’s not a surprise to see people talking about this. But what did surprise us in the labs was that this “new” piece of Apple Mac malware was ..err.. news.

Sophos has been detecting this malware for customers as Troj/RKOSX-A since 29 August 2008.

Following all the new interest, we’re going to have to go back to our analysis and add “Lamzev” as an alias in case our customers are searching for it. It’s a shame the other vendors didn’t scan the file with our Mac anti-virus product before deciding on their own name for this “new” piece of malware.

Correction: Read my correction to this story.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
