Tored – a lame email worm for Mac OS X

Apple Mac security
A few days ago our labs analysed a new piece of Apple Mac malware, OSX/Tored-A.

Mac malware is still a lot less commonly encountered than Windows malware – although we are seeing a steady increase in reports of threats targeting the Apple operating system in the last couple of years.

Most of the examples of Mac malware we have seen recently are actually Trojan horses, planted on websites or P2P networks posing as – perhaps – codecs in order to watch a sexy video, a utility for viewing high definition TV, or pretending to be a pirated version of iWork.

OSX/Tored is different, however, because it is an email-aware worm which attempts to scoop up email addresses from your infected Mac computer and forward it to others. Its intended purpose, and presumed origin, is revealed in the opening comments of its RealBasic source code:

Sign up to our free newsletter.
Security news, advice, and tips.

// First Mac OS X Botnet
//Backdoor.OSX.Raedbot.C ,Reconnaissance worm/bot
//(c) Ag_Raed , Tunisia

Bugs in the worm’s code, however, mean it is unlikely that you will ever encounter it, even if the author had taken the time to correct the many spelling mistakes in the emails it tries to send. So don’t lose too much sleep.

The funniest part for me, however, was the message the worm’s author included to try and facilitate the Tored’s distribution in the Mac community:

For Mac OS X ! :(If you are not on Mac please transfer this mail to a Mac and sorry for our fault :)

For now, I think a much more real threat for Apple fanatics is that of websites hosting malicious applications designed to undermine their Mac’s security, as this recent video of a live Mac malware attack demonstrates:

[vimeo 3838133] Apple Mac malware: Caught on camera from SophosLabs on Vimeo.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.