Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

Earlier this week, Russian security firm Dr. Web published a blog post announcing the discovery of a new OS X trojan horse known as "Trojan.SMSSend.3666". The malware masquerades as an installer for various software titles, but tricks users into signing up for subscriptions through their mobile devices.

When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the "installation" fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.

Similar trojans have affected Windows and even Android platforms for some time, but the tactic is now being used to target Mac users.


Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users' systems updated. The anti-malware tools automatically detect when a user has downloaded a file matching the signature of known malware, alerting the user to the threat and advising them to discard the downloaded file.

Top Rated Comments

25 months ago

And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.


LOL welcome to reality - this isn't a virus at all. It's a fake installer that asks for your cell phone number. It's not an infection - it's a poor phishing attempt.
Rating: 20 Votes
25 months ago
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to its unix base.

Also, great job Apple for staying so on top of this :D
Rating: 15 Votes
25 months ago

And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.


Since this application is neither a virus nor spyware I'd say people are quite right.
Rating: 12 Votes
25 months ago

And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.


From wikipedia:

A computer virus is a computer program that can replicate itself[1] and spread from one computer to another.


Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge.


This is neither. It's a plain old scam.
Rating: 11 Votes
25 months ago
Somehow I am not worried about this 'Trojan'

Anything that requires me launching an installer and then requiring me to type in my password and cell phone number is not scary at all - it's a lame phishing attempt that I laugh about.

I would be worried if it installs automatically in the background and then accesses my address book to get my cell phone number - but even then I would not respond to that SMS to get charged money.

Honestly, I don't get the people that did type in their cell phone number - it is almost impossible to protect those people from their own stupidity.

Anyway, glad to see that Apple is trying to protect people from their own stupidity.
Rating: 10 Votes
25 months ago
Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leeching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?
Rating: 8 Votes
25 months ago

Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to its unix base.

Also, great job Apple for staying so on top of this :D


And again, you are wrong about Windows. Or maybe you are stuck in a time loop about a decade ago.

Nothing can "escalate itself privelidge-wise [sic]" in Windows either. You have to have the permissions and even then explicitly allow extended "privelidges" [sic]. Unless someone is a dolt and disables all the default security that exists in Windows.
Rating: 7 Votes
25 months ago
I'm just utterly amazed at how many people on here are throwing around terms like "idiot" and "moron" in regards to trojan malware. The entire concept of a trojan is that it resembles legitimate software (when done "properly", it's EXACTLY IDENTICAL in appearance). Web sites can be hacked and hijacked. Legitimate software can be redirected to trojan versions and the poor souls that happen to download what they believed was the legitimate software from a legitimate web site before it's detected are real victims and they are NOT "morons". :mad:

All the people in this thread that think it could NEVER happen to them are like people living in the desert that think their house couldn't possibly be flooded because it hardly ever rains. The sheer amount of ignorance on this subject is simply astounding. You're sitting there behind your keyboards reading about what sounds like someone logging on to "Trojan.com" and purposely downloading a trojan and then installing it. I see lists of things to do that act like Apple's so-called "warning" of "Gee, this program was downloaded off the Internet; you sure you want to run it" is some kind of malware detector? Bullcrap. It says that for trojans and legitimate software alike. Gatekeeper's only function is to try and get you to buy all your software from Apple's App store. I guess that's what you all must do since otherwise, you'd be terrified to actually click "OK" after that warning, which you MUST do in order to install ANYTHING (legit or otherwise) off the Internet. Apple's malware detection tools are ONLY useful AFTER they've added the new definition. If you get it before then, tough luck.

But never mind all the exploits that have been found in things like Java, Flash, Webkit, etc. over the years; yeah you got lucky someone didn't take full advantage of it; but no...it's because you're too smart! Those people MUST have been "morons" or "idiots", right? Yeah, right. It's often the ones who think they couldn't ever fall for something that are particularly vulnerable because they become careless. If an anti-malware program becomes available, they won't bother to install/use it because they think they're too smart for the criminals out there. Yes, I'm sure none of you have ever visited anything but large corporate web sites and your kids have never surfed anywhere but legitimate sites too and no such web site has EVER been hijacked or hacked in the history of the Internet.... :rolleyes: :rolleyes: :rolleyes:

True, if this was either a virus or spyware. The only difference is that this "Trojan" still requires the user to allow it while other systems can be infected simply by visiting a website.

But as long as Gatekeeper is used to block the apps, then this shouldn't be a problem.


And so you ONLY install certified software and/or Apple App store apps? You sure have a limited selection to pick from.
Rating: 4 Votes
24 months ago

Your post referred to hijacking the download location of apps by hacking developers websites and etc. Your post didn't reference Trojans in general. So I responded to the content of your post.


Am I living in the Twilight Zone or something? This is the quote of my reply in your own post:

MagnusVonmagnum said:
If a web site gets hacked or hijacked and the official software replaced with a perfect look-alike with a backdoor trojan, are you going to be too smart to fall for it and not download it with no visible signs that there's an issue??? Really? Seriously? Yeah, I don't think so.



I think I said TROJAN quite clearly. It is, after all, the focal point of the thread.


Gatekeeper also protects users from Trojans in general because unsigned apps can't run until manually allowed to do so. This prevents Trojans from sneaking into the system.


It doesn't prevent anything because non-signed apps HAVE to be overridden to install period (legitimate or not, it doesn't matter; you still have to click OK). If you think it's legit and therefore click OK, but it isn't, how does Gatekeeper "help" identify it? Gatekeeper is only useful if you ONLY run signed apps, but as I said way back at the beginning, that limits the software you can run on your machine. I just installed Fan Control by Lobotomo (from 2007). I needed it to automate my fan and make sure my Mac Mini doesn't slowly fry itself when encoding Handbrake content, etc. (SMCFanControl has no such protection; it's purely higher minimums and manual control). If I used Gatekeeper and refused to override for fear of malware, I wouldn't be able to install it period. Gatekeeper is USELESS to me there.
Rating: 4 Votes
25 months ago

Nope. How did you come to that conclusion from my post?


Because a person who downloads unsigned software is taking an inherent risk. It may be a small risk, but it's still there, nonetheless. All this talk on here about only stupid people falling for this sort of thing needs to stop. It's not only against the rules, but it's inaccurate as well. Less educated people might be more likely to have a problem, statistically, but to even evaluate a problem one has to be aware of it first. Or do you think the first person that ever scanned their credit card at a gas pump that had a 3rd party scam scanner inserted into it (i.e. you're scanning with the scammer's scan reader, not the gas pump's) should have "just known" what to look for the first time one ever appeared? If a web site gets hacked or hijacked and the official software replaced with a perfect look-alike with a backdoor trojan, are you going to be too smart to fall for it and not download it with no visible signs that there's an issue??? Really? Seriously? Yeah, I don't think so. I think too many people on here have a false sense of security based solely on the reasoning that it hasn't happened to them yet. Well, I haven't been hit by lightning yet or won the super lotto, but I'm at least aware it COULD happen.


I install all sorts of software from all sorts of sites and am more than capable of determining which sites to visit and which files/applications to download safely. I've been doing that for quite a few years now and have yet to download a virus/Trojan/ or other malware/spyware.


Yeah and I'm more than capable of judging whether a woman has an STD by looking her over carefully. :rolleyes:

I see a lot of INSULTS going on in this thread about how STUPID people would have to be to get their computer infected. I've seen similar comments elsewhere about AIDS, etc. as well. These people think condoms never fail, birth control is 100% effective and other naive conclusions just because it hasn't happened to them (yet anyway). I simply think people could be a little less careless with their comments. It's not only against the rules to flame/insult people on here, but it can and will bite you in the hind quarter some day. To quote Bogart, "Maybe not today, maybe not tomorrow, but soon and for the rest of your life."

And clearly you have no idea of what a Trojan is ... This kind of virus you have to install by yourself .... Is not OS X the problem: it's the user in front of the screen.


Actually, the problem is the criminal trying to trick people with look-alike software that is the real problem. Your logic reminds me of people who blame the woman for getting raped instead of the rapist. :rolleyes:
Rating: 4 Votes
