Apple Mac malware: caught on camera

Pob in our analysis labs blogged earlier this week about a new variant of the RSPlug Trojan horse for Mac OS X that he had written protection against.

One of the ways in which the OSX/RSPlug-F Mac Trojan horse is being distributed by hackers is in the form of a poisoned HDTV/DTV program called MacCinema.

As you’ll see in this video, visiting a website that gives many of the signs of legitimacy can lead to you downloading a Trojan horse. Even for the Apple Mac.


And don’t try and tell me that this couldn’t affect Mac OS X users because they would have to enter their administrator username and password to install the package. If they were prepared to download this program from this website, I feel pretty confident that they would enter their administrator details to allow installation too!

Mac users are no different to Windows users in this regard – this is social engineering, plain and simple.

Oh, and Windows users shouldn’t feel too smug about this either. If you visit the site on a Windows computer, it will serve up a malicious Windows executable from the Zlob family of malware rather than a Mac OS X Trojan horse.

By the way, we tried this on both Firefox and Safari on the Apple Mac. It makes no difference. The attack does not depend on a browser vulnerability – it works by the user being convinced that this is a program that they would like to run on their computer.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
