Mac malware adopts porn video disguise

Earlier today, Pob in SophosLabs blogged about the discovery of two new pieces of malware for the Apple Mac OS X operating system.

Although there is only a tiny amount of Mac malware compared to Windows viruses, that’s going to be little consolation if your gorgeous new MacBook gets infected. And sadly we know that many Mac users still believe they are somehow magically immune from attacks.

As we’ve demonstrated before, and as we’ll no doubt explain again, the Mac malware threat is real. Hackers are deliberately planting malicious code on websites, and using social engineering tricks to fool you into installing it onto your computer.

In the following video, which demonstrates one of today’s new pieces of Mac malware, a video promising you hardcore pornographic videos pops up a message demanding that you install an ActiveX component to view more. Of course, if you do agree to install the program (it is quite insistent) you actually end up installing a Trojan horse, which effectively hands your computer over to whatever takes the whim of a remote hacker.

Sign up to our free newsletter.
Security news, advice, and tips.
[vimeo=http://vimeo.com/5099385]

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

You see, I’ve got a theory that although many people are undoubtedly buying Apple computers because they’re beautifully designed and well-marketed, there will also be some people who have dumped Windows because they are fed up with all of the spyware, pop-ups and virus attacks.

Indeed, some of the people who may well have suffered a lot from those kind of attacks in the past may be exactly the same kind of folk who visit the grubbier areas of the internet in the wee small hours of the morning. And they may feel that one of the side benefits of switching to a Mac is that they now don’t have to worry about all of those nasty things while they’re err.. watching nasty things.

Mac user, surfing for porn, all ending in tears

But if they think they are immune from attacks they’re making a mistake. We’re seeing more attacks against Mac users all the time, with hackers planting bear-traps that work out if you’re visiting their page on a Windows or Mac computer, and deliver the appropriate malicious payload accordingly.

Interestingly, the discover of two new examples of Mac malware on the same day has happened just after Apple has shown off some of the new features of Snow Leopard, the next version of its Mac OS X operating system in San Francisco.

And after the debacle of last year when Apple was seen to be recommending its users run anti-virus software, only to quickly withdraw the advice, Apple has devoted a page to the security features of Snow Leopard.

And what do we find on that page? The following advice:

The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection.

“May offer additional protection?”. Hmm.. Seeing as the attack mentioned above is not taking advantage of any OS vulnerabilities and just exploiting human weakness, I think Apple would be wise to change that “may” to a “will definitely”.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.