Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,555
30,882



Earlier this week, Russian security firm Dr. Web published a blog post announcing the discovery of a new OS X trojan horse known as "Trojan.SMSSend.3666". The malware masquerades as an installer for various software titles, but tricks users into signing up for subscriptions through their mobile devices.

smssend_trojan.jpg
When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the "installation" fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.
Click to expand...
Similar trojans have affected Windows and even Android platforms for some time, but the tactic is now being used to target Mac users.

smssend_definition.jpg
Apple has moved quickly to address the threat, adding definitions for the malware to its "Xprotect.plist" blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users' systems updated. The anti-malware tools automatically detect when a user has downloaded a file matching the signature of known malware, alerting the user of the threat and advising them to discard the downloaded file.

Article Link: Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan
 
Article Link
https://www.macrumors.com/2012/12/13/apple-quickly-updates-malware-definitions-to-detect-new-sms-scam-trojan/
LimeiBook86

LimeiBook86

macrumors G3
May 4, 2002
8,001
45
Go Vegan
Glad to see Apple keeping things up to date. I haven't heard of this scam but it sure seems like it could be quite dangerous! :eek:
 
S

Sony311

macrumors member
Feb 24, 2012
41
0
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
 
spyguy10709

spyguy10709

macrumors 65816
Apr 5, 2010
1,007
659
One Infinite Loop, Cupertino CA
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to it's unix base.

Also, great job Apple for staying so on top of this :D
 
mw360

mw360

macrumors 68020
Aug 15, 2010
2,032
2,395
I don't understand how these scams can operate without the perps being instantly tracked down and thrown in a cell. Surely somebody regulates who is and isn't allowed to charge for sending SMS messages.
 
ArtOfWarfare

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,563
6,062
Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leaching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?
 
spyguy10709

spyguy10709

macrumors 65816
Apr 5, 2010
1,007
659
One Infinite Loop, Cupertino CA
Sony311 said:
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Click to expand...

LOL welcome to reality - this isn't a virus at all. It's a fake installer that asks for your cell phone number. It's not an infection - it's a poor phishing attempt.
 
mw360

mw360

macrumors 68020
Aug 15, 2010
2,032
2,395
Sony311 said:
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Click to expand...

From wikipedia:

A computer virus is a computer program that can replicate itself[1] and spread from one computer to another.
Click to expand...

Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge.
Click to expand...

This is neither. Its a plain old scam.
 
D

D-a-a-n

macrumors 6502
Mar 22, 2010
271
239
spyguy10709 said:
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to it's unix base.

Also, great job Apple for staying so on top of this :D
Click to expand...

Could you elaborate more on that?
 
Joe-Diver

Joe-Diver

macrumors 6502
Aug 2, 2009
265
0
Sony311 said:
And people always defended OSX for being virus/spyware free... LOL.
Click to expand...

LOL....please learn what a virus is.....and take a look at file permissions (UID/GID)....then maybe you'll understand what is actually happening here.
 
gnasher729

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
Sony311 said:
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Click to expand...

Since this application is neither a virus nor spyware I'd say people are quite right.
 
PowerPCMacMan

PowerPCMacMan

macrumors 6502a
Jul 17, 2012
800
1
PowerPC land
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.

Sony311 said:
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.
Click to expand...
 
Last edited by a moderator:
GoCubsGo

GoCubsGo

macrumors Nehalem
Feb 19, 2005
35,741
153
Oh I send unwanted texts to people all of the time. What's the big deal? :D
 
D

DeathChill

macrumors 68000
Jul 15, 2005
1,663
90
spyguy10709 said:
No it doesn't. You have to put in your password into the warning that says "this application isn't approved by apple and may cause unintended operation" or something like that.
Click to expand...

I don't think it gives you any option to open it if Gatekeeper is active. You can right click it and hit 'Open' or turn off Gatekeeper but I don't think it gives you an option to run it as most people would click okay anyways.
 
0815

0815

macrumors 68000
Jul 9, 2010
1,793
1,065
here and there but not over there
Somehow I am not worried about this 'Trojan'

Anything that requires me launching an installer and than requiring me to type in my password and cell phone number is not scary at all - its a lame phishing attempt that I laugh about.

I would be worried if it installs automatically in the background and than accesses my address book to get my cell phone number - but even than I would not respond to that SMS to get charged money.

Honestly, I don't get the people that did type in their cell phone number - it is almost impossible to protect those people from their own stupidity.

Anyway, glad to see that Apple is trying to protect people from their own stupidity.
 
Last edited:
spyguy10709

spyguy10709

macrumors 65816
Apr 5, 2010
1,007
659
One Infinite Loop, Cupertino CA
D-a-a-n said:
Originally Posted by spyguy10709
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to it's unix base.

Also, great job Apple for staying so on top of this


Could you elaborate more on that?
Click to expand...
Sure- to install something in OS X (that does anything without you clicking the icon, like a service or anything like that) requires you to put your password in a box that prevents privilege escalation (basically the OS has complete control over all applications, not the other way around - a virus). If you don't have a password, you just leave the box blank. A program can't put a password into the system, only the user into the system. This prevents programs from replicating (a virus) or taking over the system (like many trojans).
 
mw360

mw360

macrumors 68020
Aug 15, 2010
2,032
2,395
PowerPCMacMan said:
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.
Click to expand...

How'd you explain Android malware, or iOS malware then? It's really not the CPU that's vulnerable, is the OS. And by the way, OSX, Windows 7/8, and Android aren't even that vulnerable now, it's the users that are the weak link in the chain.
 
Last edited by a moderator:
R

rrahimi

macrumors member
Sep 17, 2012
48
26
spyguy10709 said:
Again, like I always say, the only virus you can get on OSX is one you install yourself. This just prevents the user from hurting him/herself. This isn't a "virus" like everyone is saying - it's a program that phishes your personal info. It can't escalate itself privelidge-wise like with a Windows virus and become "above" your system to prevent removal or uninstallation. Nothing can do that in OSX due to it's unix base.

Also, great job Apple for staying so on top of this :D
Click to expand...

And again, you are wrong about Windows. Or maybe you are stuck in a time loop about a decade ago.

Nothing can "escalate itself privelidge-wise [sic]" in Windows either. You have to have the permissions and even then explicitly allow extended "privelidges" [sic]. Unless someone is a dolt and disables all the default security that exists in Windows.
 
spyguy10709

spyguy10709

macrumors 65816
Apr 5, 2010
1,007
659
One Infinite Loop, Cupertino CA
0815 said:
Somehow I am not worried about this 'Trojan'

Anything that requires me launching an installer and than requiring me to type in my cell phone number is not scary at all.

I would be worried if it installs automatically in the background and than accesses my address book to get my cell phone number - but even than I would not respond to that SMS to get charged money.

Honestly, I don't get the people that did type in there cell phone number - it is almost impossible to protect those people from their own stupidity.
Click to expand...

It charges you like those "insert your phone number here for unlimited ringtones!! *$9.99 per month" websites.
 
iGrip

iGrip

macrumors 68000
Jul 1, 2010
1,626
0
This is NOT a real trojan. Apple has zero malware. People seem to forget that.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom