While things have been relatively quiet on the malware front for OS X since a raid on Russian payment processing firm ChronoPay appeared to have taken down MacDefender nearly two months ago, one new trojan horse did pop up earlier this month. As detailed by F-Secure, the trojan known as "OSX.QHost.WB.A" masquerades as a Flash Player installer but actually adds entries to a computer's hosts file to redirect users attempting to visit certain Google sites.
Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in Netherlands.
The server at the IP address displays a fake webpage designed to appear similar to the legitimate Google site.
Search results on the fake Google pages actually lead to pop-up windows that load external content which was broken at the time of discovery but presumably consisted of advertisements of some sort. While the threat as implemented at the time of discovery was relatively mild, inexperienced users falling for the trojan could find themselves unaware of what had happened to their systems and how to fix the hijacked routing added by the malware.
Consequently, Apple earlier this week made its first significant addition to its "XProtect.plist" file since the spate of MacDefender variants surfaced in June. The XProtect.plist file contains malware definitions to enable users' systems to recognize and warn users of malicious downloads, a feature that debuted with Mac OS X Snow Leopard back in 2009.
The original anti-malware system required manual updates to account for new threats, and as such was updated only rarely by Apple as part of larger software updates. But with an Apple software update issued in response to the MacDefender threat earlier this year, Mac OS X systems are now able to make daily checks for updates to that file to ensure up-to-date protection against malware.
Monday December 1, 2025 4:37 pm PST by Juli Clover
We're getting closer to the launch of the final major iOS update of the year, with Apple set to release iOS 26.2 in December. We've had three betas so far and are expecting a fourth beta or a release candidate this week, so a launch could follow as soon as next week.
Past Launch Dates
Apple's past iOS x.2 updates from the last few years have all happened right around the middle of the...
Tuesday December 2, 2025 11:09 am PST by Juli Clover
Apple is encouraging iPhone users who are still running iOS 18 to upgrade to iOS 26 by making the iOS 26 software upgrade option more prominent.
Since iOS 26 launched in September, it has been displayed as an optional upgrade at the bottom of the Software Update interface in the Settings app. iOS 18 has been the default operating system option, and users running iOS 18 have seen iOS 18...
Monday December 1, 2025 3:00 am PST by Tim Hardwick
Apple is expected to launch a new foldable iPhone next year, based on multiple rumors and credible sources. The long-awaited device has been rumored for years now, but signs increasingly suggest that 2026 could indeed be the year that Apple releases its first foldable device.
Subscribe to the MacRumors YouTube channel for more videos.
Below, we've collated an updated set of key details that ...
Tuesday December 2, 2025 9:44 am PST by Juli Clover
Apple's iPhone 17 lineup is selling well enough that Apple is on track to ship more than 247.4 million total iPhones in 2025, according to a new report from IDC.
Total 2025 shipments are forecast to grow 6.1 percent year over year due to iPhone 17 demand and increased sales in China, a major market for Apple.
Overall worldwide smartphone shipments across Android and iOS are forecast to...
Wednesday December 3, 2025 10:33 am PST by Juli Clover
Apple today seeded the release candidate versions of upcoming iOS 26.2 and iPadOS 26.2 updates to developers and public beta testers, with the software coming two weeks after Apple seeded the third betas. The release candidates represent the final versions of iOS 26.2 and iPadOS 26.2 that will be provided to the public if no further bugs are found during this final week of testing....
Monday December 1, 2025 5:00 am PST by Tim Hardwick
2026 could be a bumper year for Apple's Mac lineup, with the company expected to announce as many as four separate MacBook launches. Rumors suggest Apple will court both ends of the consumer spectrum, with more affordable options for students and feature-rich premium lines for users that seek the highest specifications from a laptop.
Below is a breakdown of what we're expecting over the next ...
Thursday December 4, 2025 9:30 am PST by Joe Rossignol
In a statement shared with Bloomberg on Wednesday, Apple confirmed that its software design chief Alan Dye will be leaving. Apple said Dye will be succeeded by Stephen Lemay, who has been a software designer at the company since 1999.
Meta CEO Mark Zuckerberg announced that Dye will lead a new creative studio within the company's AR/VR division Reality Labs.
On his blog Daring Fireball,...
The iPhone Air has recorded the steepest early resale value drop of any iPhone model in years, with new data showing that several configurations have lost almost 50% of their value within ten weeks of launch.
According to a ten-week analysis published by SellCell, Apple's latest lineup is showing a pronounced split in resale performance between the iPhone 17 models and the iPhone Air....
Tuesday December 2, 2025 3:30 pm PST by Juli Clover
OpenAI is deprioritizing work on advertising as it focuses on improving the quality of ChatGPT, reports The Information. OpenAI CEO Sam Altman declared a "code red" on Monday, and told employees that the company needs to improve ChatGPT so it doesn't fall behind competitors like Google and Anthropic.
Altman said that OpenAI needs to work on personalization for each user, image generation,...
Thursday December 4, 2025 5:18 am PST by Tim Hardwick
iPhone 17 Pro models, it turns out, can't take photos in Night mode when Portrait mode is selected in the Camera app – a capability that's been available on Apple's Pro devices since the iPhone 12 Pro in 2020.
If you're an iPhone 17 Pro or iPhone 17 Pro Max owner, try it for yourself: Open the Camera app with Photo selected in the carousel, then cover the rear lenses with your hand to...
No, it's not a "virus". It's a trojan. You think it's good, but its bad. (heh... depending on if you think "flash" is "good").
A question I have though, is under what conditions should ANY software modify the hosts file? Should Apple even allow programs that have been granted administrative rights to alter the hosts file? There is only a very limited benvolent use case for such an action, and that very related to what they did here: some anti-ad or anti-spyware utilities modify a host file to redirect known ad-producing domains to a "safe" domain. I personally think any modification of the host file should be given a warning like this:
The program _____ is trying to update a core Mac OS X system file that is used to provide network connectivity. While online advertisement blocking programs may require legitimate use of this file, most others applications may represent an attempt to install malicious software onto your computer. Are you sure you want to allow program _____ to modify this file?
Funny.... I updated Flash yesterday on my kids' Mac mini and I thought that writing a Trojan that masquerades as an update to Flash would be brilliant since Flash is updated so often and getting prompted that you need to update Flash to view a website is very common..... And then today, here it is.
