Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

Earlier this week, Russian security firm Dr. Web published a blog post announcing the discovery of a new OS X trojan horse known as "Trojan.SMSSend.3666". The malware masquerades as an installer for various software titles, but tricks users into signing up for subscriptions through their mobile devices.

smssend trojan

When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the "installation" fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.

Similar trojans have affected Windows and even Android platforms for some time, but the tactic is now being used to target Mac users.

smssend definition
Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users' systems updated. The anti-malware tools automatically detect when a user has downloaded a file matching the signature of known malware, alerting the user of the threat and advising them to discard the downloaded file.

Top Rated Comments

spyguy10709 Avatar
113 months ago
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

LOL welcome to reality - this isn't a virus at all. It's a fake installer that asks for your cell phone number. It's not an infection - it's a poor phishing attempt.
Score: 20 Votes (Like | Disagree)
spyguy10709 Avatar
113 months ago
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to it's unix base.

Also, great job Apple for staying so on top of this :D
Score: 15 Votes (Like | Disagree)
gnasher729 Avatar
113 months ago
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

Since this application is neither a virus nor spyware I'd say people are quite right.
Score: 12 Votes (Like | Disagree)
mw360 Avatar
113 months ago
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

From wikipedia:

A computer virus is a computer program that can replicate itself[1] and spread from one computer to another.

Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge.

This is neither. Its a plain old scam.
Score: 11 Votes (Like | Disagree)
0815 Avatar
113 months ago
Somehow I am not worried about this 'Trojan'

Anything that requires me launching an installer and than requiring me to type in my password and cell phone number is not scary at all - its a lame phishing attempt that I laugh about.

I would be worried if it installs automatically in the background and than accesses my address book to get my cell phone number - but even than I would not respond to that SMS to get charged money.

Honestly, I don't get the people that did type in their cell phone number - it is almost impossible to protect those people from their own stupidity.

Anyway, glad to see that Apple is trying to protect people from their own stupidity.
Score: 10 Votes (Like | Disagree)
ArtOfWarfare Avatar
113 months ago
Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leaching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?
Score: 8 Votes (Like | Disagree)

Top Stories

REC ASA CODE2016 20160601 205816 2745

Elon Musk Reportedly Demanded to Become Apple CEO as Part of Potential Tesla Acquisition [Update: Musk Denies]

Friday July 30, 2021 9:04 am PDT by
Tesla CEO Elon Musk reportedly once demanded that he be made Apple CEO in a brief discussion of a potential acquisition with Apple's current CEO, Tim Cook. The claim comes in a new book titled "Power Play: Tesla, Elon Musk and the Bet of the Century," as reviewed by The Los Angeles Times. According to the book, during a 2016 phone call between Musk and Cook that touched on the possibility of ...
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...
iPhone 13 Always On Feature

iPhone 13 to Bring Over a Major Feature From the Apple Watch

Wednesday July 28, 2021 2:21 am PDT by
Apple's upcoming iPhone 13 lineup will feature an always-on display akin to the Apple Watch Series 5 and Series 6, according to recent reports. In his weekly Power On newsletter, Bloomberg journalist Mark Gurman, who often reveals accurate insights into Apple's plans, said that the iPhone 13 may feature an Apple Watch-inspired always-on mode. The Apple Watch Series 5 and Apple Watch...
duracell battery bitter coating

Apple Says Don't Buy AirTag Replacement Batteries With Bitter Coating

Wednesday July 28, 2021 11:08 am PDT by
Since AirTags were just released earlier this year and are expected to have a year-long battery life, it may be some time yet before AirTag users need a replacement battery, but when the time comes for a refresh, Apple is warning customers not to buy batteries with a bitter coating. AirTags use coin-shaped CR2032 batteries, which happen to be a size that's easy to swallow. Some battery...
a15 chip

iPhone 13 and Redesigned MacBook Pro Chip Production Hit With Gas Contamination

Friday July 30, 2021 5:44 am PDT by
The most important TSMC factory that manufactures Apple's chips destined for next-generation iPhone and Mac models has been hit by a gas contamination, according to Nikkei Asia. The factory, known as "Fab 18," is TSMC's most advanced chipmaking facility. TSMC is Apple's sole chip supplier, making all of the processors used in every Apple device with a custom silicon chip. Industry...
apple rtp land

Apple Preparing to Occupy 200,000 Square Feet of Temporary Space Ahead of New $1 Billion North Carolina Campus

Thursday July 29, 2021 9:14 am PDT by
Back in April, Apple announced a $430 billion investment over the next five years to create more than 20,000 new jobs as the company continues to expand. One significant piece of that plan is a new engineering and research center in North Carolina where Apple will be investing over $1 billion and hiring at least 3,000 employees. Assemblage of seven properties in Research Triangle Park owned by ...
Apple Leak Feature

Apple Demands Leaker Reveals Sources Under Threat of Being Reported to Police

Wednesday July 28, 2021 6:53 am PDT by
Apple has sent a cease and desist letter to a leaker based in China as part of its continuing attempts to curtail leaks of unreleased products, according to Vice. A Chinese citizen who shared images of stolen Apple prototypes on social media was sent a warning letter from Fangda Partners, Apple's law firm in China, on June 18, 2021. An extract from the letter read:You have disclosed without ...
macos monterey tidbits feature copy

Apple Releases New macOS 12 Monterey Public Beta

Wednesday July 28, 2021 10:19 am PDT by
Apple today seeded the third public beta of the macOS 12 Monterey beta to public beta testers, allowing non-developers to test the new macOS Monterey software ahead of its public release. The third beta comes two weeks after Apple released the second macOS Monterey public beta. Public beta testers can download the macOS 12 Monterey update from the Software Update section of the System...
iOS 15 General Feature Purple

Apple Releases New Public Betas of iOS 15, iPadOS 15, watchOS 8, and tvOS 15

Wednesday July 28, 2021 10:16 am PDT by
Apple today seeded the third betas of iOS and iPadOS 15 to public beta testers, allowing non-developers to download and test the new updates ahead of their fall release. The third public betas come two weeks after Apple released the second public betas. Public beta testers who have signed up for Apple's beta testing program can download the iOS and iPadOS 15 updates over the air after...
nothing ear 1 buds 1

Nothing 'Ear (1)' True Wireless Earbuds Launch to Take on AirPods Pro With ANC and Unusual Design for $99

Tuesday July 27, 2021 7:57 am PDT by
Nothing, a new brand from OnePlus founder Carl Pei, has today officially launched the "Ear (1)" true wireless earbuds after months of anticipation around the company's AirPods Pro rival. The Ear (1) features an in-ear design, Active Noise Cancelation, Bluetooth 5.2, IPX4 water resistance, and a charging case with Qi-compatible wireless charging and a USB-C port. Fast pairing is supported on...