Pob in our analysis labs blogged earlier this week about a new variant of the RSPlug Trojan horse for Mac OS X that he had written protection against.
One of the ways in which the OSX/RSPlug-F Mac Trojan horse is being distributed by hackers is in the form of a poisoned HDTV/DTV program called MacCinema.
As you’ll see in this video, visiting a website that shows many of the signs of legitimacy can lead to you downloading a Trojan horse. Even on the Apple Mac.
[youtube=http://www.youtube.com/watch?v=RTeSYmQS820]

And don’t try and tell me that this couldn’t affect Mac OS X users because they would have to enter their administrator username and password to install the package. If they were prepared to download this program from this website, I feel pretty confident that they would enter their administrator details to allow installation too!
Mac users are no different to Windows users in this regard – this is social engineering, plain and simple.
Oh, and Windows users shouldn’t feel too smug about this either. If you visit the site on a Windows computer, it will serve up a malicious Windows executable from the Zlob family of malware rather than a Mac OS X Trojan horse.
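One thing a defender can take from this is that the same download page hands out a different kind of executable depending on the visitor’s operating system. That platform-specific cloaking is a useful triage signal in web proxy logs. The script below is an added example (not code from the original post or from Sophos) that reads constructed, tab-separated proxy log lines and flags any host that served a Windows executable to Windows browsers and a Mac disk image or installer package to Mac browsers. The log format, the field order and the `.invalid` host names are assumptions made for the example; real proxies log differently and you would adapt `parse_line` accordingly.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample proxy log lines, tab-separated:
#   client IP, User-Agent, requested URL, Content-Type of the response.
# These are made up for the example; the hosts use the reserved .invalid TLD.
SAMPLE_LOG = """\
10.0.0.5\tMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5; en) AppleWebKit/525 Safari/525\thttp://maccinema-example.invalid/download/MacCinema.dmg\tapplication/x-apple-diskimage
10.0.0.6\tMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Firefox/3.0\thttp://maccinema-example.invalid/download/setup.exe\tapplication/x-msdownload
10.0.0.7\tMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5; en) Gecko/2008 Firefox/3.0\thttp://maccinema-example.invalid/download/MacCinema.dmg\tapplication/x-apple-diskimage
10.0.0.8\tMozilla/5.0 (Windows; U; Windows NT 6.0) Firefox/3.0\thttp://updates-example.invalid/tool/setup.exe\tapplication/x-msdownload
10.0.0.9\tMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5) Safari/525\thttp://updates-example.invalid/index.html\ttext/html
"""

# MIME types commonly seen for Windows PE downloads and for Mac installer images.
WINDOWS_EXE_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
}
MAC_INSTALLER_TYPES = {
    "application/x-apple-diskimage",
    "application/vnd.apple.installer+xml",
}


def classify_platform(user_agent):
    """Coarse OS classification from the browser's User-Agent string."""
    if "Windows" in user_agent:
        return "windows"
    if "Mac OS X" in user_agent or "Macintosh" in user_agent:
        return "mac"
    return "other"


def classify_payload(url, content_type):
    """Label a response as a Windows executable, a Mac installer, or None."""
    path = urlparse(url).path.lower()
    ctype = content_type.strip().lower()
    if ctype in WINDOWS_EXE_TYPES or path.endswith(".exe"):
        return "windows-executable"
    if ctype in MAC_INSTALLER_TYPES or path.endswith((".dmg", ".pkg")):
        return "mac-installer"
    return None


def parse_line(line):
    """Split one assumed tab-separated log line; return None if malformed."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return None
    client, user_agent, url, content_type = parts
    return client, user_agent, url, content_type


def find_cloaking_hosts(lines):
    """Return {host: {platform: [payload kinds]}} for every host that gave
    Windows clients a Windows executable and Mac clients a Mac installer."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        _client, user_agent, url, content_type = record
        payload = classify_payload(url, content_type)
        if payload is None:
            continue  # HTML, images and so on are not of interest here
        host = urlparse(url).hostname
        seen[host][classify_platform(user_agent)].add(payload)

    flagged = {}
    for host, by_platform in seen.items():
        served_windows = "windows-executable" in by_platform.get("windows", set())
        served_mac = "mac-installer" in by_platform.get("mac", set())
        if served_windows and served_mac:
            flagged[host] = {p: sorted(kinds) for p, kinds in by_platform.items()}
    return flagged


if __name__ == "__main__":
    for host, detail in find_cloaking_hosts(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: serves platform-specific executables {detail}")
```

Treat a hit as a lead for analysis rather than a verdict: legitimate vendors also serve a per-platform installer from one download page, so the value of the check is in surfacing hosts nobody in the organisation has vetted, whose downloads can then be pulled for scanning.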
By the way, we tried this on both Firefox and Safari on the Apple Mac. It makes no difference. The attack does not depend on a browser vulnerability – it works by the user being convinced that this is a program that they would like to run on their computer.