Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

gnasher729 · Dec 13, 2012

Here are the steps that you need to perform to get hit:

1. Go to a website that distributes the Trojan.
2. Download a .zip file from the website.
3. Extract the .zip file which contains an app that looks like an installer.
4. Double-click the app.
5. Either have your Mac set up so that it allows launching any app (stupid) or give the app explicitly permission to launch.
6. (New step) Ignore a warning from Apple that this app is dangerous.
7. Enter your phone number and some other number.

You'd have to be _quite_ stupid to be caught by this.

Next I'll send emails to all Mac users in the world "send me your money! " and everyone who sends me money will blame Apple for it.

spyguy10709 · Dec 13, 2012

rrahimi said:
And again, you are wrong about Windows. Or maybe you are stuck in a time loop about a decade ago.

Nothing can "escalate itself privelidge-wise [sic]" in Windows either. You have to have the permissions and even then explicitly allow extended "privelidges" [sic]. Unless someone is a dolt and disables all the default security that exists in Windows.

It can... as a matter of fact. That's what a virus is. UAC is useless, it's a ripoff of Unix based control - but it's not 100% accurate. Google windows privilege (whoops, slipped on the keys, so shoot me) escalation - and then get back to me. Thanks!

~Amateur Security Researcher

KdParker · Dec 13, 2012

I really hope that people will not give a cell number just to install some free software.

SPUY767 · Dec 13, 2012

The fact that it says introductio would have given away that it's fake for me.

0815 · Dec 13, 2012

PowerPCMacMan said:
In the PowerPC days, viruses and malware in OSX was unheard of. While I agree the move from PPC was a much needed one, the switch to Intel meant trouble ahead for OS X on x86 hardware. Now Apple is getting viruses and malware. Terrible if u ask me.

Sony311 said:

And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

Click to expand...

No no no ... the 'processor' has nothing to do with viruses or like in this case lame phishing attempts.

It is only that MacOS has finally reached the critical mass that it is more interesting to target mac os users. This would also happened on PowerPC if it would have been more successful during that time.

But anyway - this is still not a real virus - it requires that user to download something, click the installer, enter the password, click through the warnings, enter the SMS and reply to it (or use it's 'code') ... all user initiated, nothing happens hidden in the background.

KdParker · Dec 13, 2012

gnasher729 said:
Here are the steps that you need to perform to get hit:

1. Go to a website that distributes the Trojan.
2. Download a .zip file from the website.
3. Extract the .zip file which contains an app that looks like an installer.
4. Double-click the app.
5. Either have your Mac set up so that it allows launching any app (stupid) or give the app explicitly permission to launch.
6. (New step) Ignore a warning from Apple that this app is dangerous.
7. Enter your phone number and some other number.

You'd have to be _quite_ stupid to be caught by this.

Next I'll send emails to all Mac users in the world "send me your money! " and everyone who sends me money will blame Apple for it.

That's alot of work to get that trojan.

Jsameds · Dec 13, 2012

SPUY767 said:
Image
The fact that it says introductio would have given away that it's fake for me.

the 'for MAC on MAC' is a bit of a giveaway aswell

GCRoberts · Dec 13, 2012

There is another level of security you can easily add. If you contact your cell carrier, they can block any subscriptions being added to your cell phone account. Then, even if you fall for something like described in this thread, it'll still be blocked by the carrier. I use AT&T, and I know they support blocking. I would suspect other carriers could do the same.

mono1980 · Dec 13, 2012

People need to learn the difference between a virus and a trojan.

oneMadRssn · Dec 13, 2012

rrahimi said:
And again, you are wrong about Windows. Or maybe you are stuck in a time loop about a decade ago.

Nothing can "escalate itself privelidge-wise [sic]" in Windows either. You have to have the permissions and even then explicitly allow extended "privelidges" [sic]. Unless someone is a dolt and disables all the default security that exists in Windows.

Really? Nothing? How about on that infamous OS, which still has about 3 times as compared to the quantity of mac users. Windows XP (still about 20-35% market share, depending on how you measure) is is certainly able to get have viruses take over the entire os, rendering it practically unfixable, regardless of default security features. Let's not forget the second most popular OS of today.

However, your are correct as to Windows7, which does fare much much better, and has the most users of all.

rrahimi · Dec 13, 2012

spyguy10709 said:
It can... as a matter of fact. That's what a virus is. UAC is useless, it's a ripoff of Unix based control - but it's not 100% accurate. Google windows privilege (whoops, slipped on the keys, so shoot me) escalation - and then get back to me. Thanks!

~Amateur Security Researcher

Firstly, access control, "superuser" and "userland" have existed in computing long before Unix. Secondly UAC is neither useless nor a ripoff. It is similar in implementation to 'sudo' and that's all. You don't innovate on what is proven to work. It's not a competition. Thirdly, nothing is 100% secure.

I'm amazed that an "Amateur Security Researcher" would post such a meaningless statement and then direct people to "Google it duuude" as proof.

0815 · Dec 13, 2012

GCRoberts said:
There is another level of security you can easily add. If you contact your cell carrier, they can block any subscriptions being added to your cell phone account. Then, even if you fall for something like described in this thread, it'll still be blocked by the carrier. I use AT&T, and I know they support blocking. I would suspect other carriers could do the same.

This should be the DEFAULT ... too bad the carriers don't care about user protection (guess they get some share of those sales)

MacFoodPoisoner · Dec 13, 2012

LimeiBook86 said:
Glad to see Apple keeping things up to date.

Not exactly keeping up to date when they managed to compromise at least 500,000 users data last year with the flashback trojan.

So far they 've only been "in talks" with security firms, unless they stop being cheapskates and start purchasing and incorporating some security companies to work on os x's security they won't be able to keep up with half measures. They 've grown way too large to keep ignoring the threats.

So, cough it up apple, we as users have been coughing up 50% margins long enough so you can afford it...

0815 · Dec 13, 2012

oneMadRssn said:
Really? Nothing? How about on that infamous OS, which still has about 3 times as compared to the quantity of mac users. Windows XP (still about 20-35% market share, depending on how you measure) is is certainly able to get have viruses take over the entire os, rendering it practically unfixable, regardless of default security features. Let's not forget the second most popular OS of today.

However, your are correct as to Windows7, which does fare much much better, and has the most users of all.

So you are telling me it would be safe to free up some resources on windows 7 machines and remove the virus scanner?

JHankwitz · Dec 13, 2012

Sony311 said:
And people always defended OSX for being virus/spyware free... LOL. Welcome to reality. Hopefully Apple can keep up with the variations that are no doubt going to be roaming out in the wild based on this.

And people say the earth is flat and man never walked on the moon. So? There are always 'outliers' in every population.

435713 · Dec 13, 2012

0815 said:
So you are telling me it would be safe to free up some resources on windows 7 machines and remove the virus scanner?

God I would be way too freaked over drive by downloads and I am pretty PC savvy, not the best in the world but won't make any really bad mistakes. As far as I am aware of at the moment a fully patched OSX system doesn't have anything that can affect it. I am sure there is one or two though out there but I feel safe with no condom on OSX.

JHankwitz · Dec 13, 2012

ArtOfWarfare said:
Nicely handled, it would seem.

But really, it seems to me this is an issue phone service providers should handle. Why is the money that they handle handled so insecurely? Shouldn't our provider send us some sort of message for us to confirm that some company is going to start leaching money via our phone bill and shouldn't they block companies that they find frequently commit this kind of fraud?

They do and they did. That's why Apple sends you an e-mail every time you make an iTunes or Apple account has been charged. Sources of these problems are very hard to track down, if not impossible. If you 'follow the money', the ones that benefit the most from these scams are usually the virus software companies. Without constant attacks, their sales drop significantly.

oneMadRssn · Dec 13, 2012

0815 said:
So you are telling me it would be safe to free up some resources on windows 7 machines and remove the virus scanner?

Anymore other than Microsoft's own Windows Security Essentials is superfluous on Win7 at this point. I have stopped using Norton/Symantec/McAfee/Avira/AVG/Avast/etc a while ago on my Win7 computers.

As with every system: the best defense is being ready, so having an automatic nightly backup is most important.

JHankwitz · Dec 13, 2012

KdParker said:
I really hope that people will not give a cell number just to install some free software.

There are many people out there that will do anything their computer tells them to do. They even believe what they read on the internet. Go figure.

futileBuffalo · Dec 13, 2012

For those arguing if Mac is virus free or not, keep in mind that you can never guarantee an operating system to be 100% secure. It might be possible to infest a Mac with a virus.
Here's an exmple. Apple somehow automatically updates the list of malware signatures on your computer. That means when your computer receives a message from Apple, it writes to a file on your computer with (most likely) root privileges. This is a possible attack point, where a hacker could perform a middle man attack and put a malicious payload in the packets.

I'm not saying this is going to work. It most definitely won't. But if you're creative enough, and smart enough, you could maybe find a way to infect the Mac. Nothing is 100% secure. It just so happens that people have spent decades already terrorizing Windows and there are many books to learn how to do this.
Not so much for Mac.

dreadnort · Dec 13, 2012

If Mac's don't get infected why have they change the 'Why OSX is better' page on their site from Don't get viruses to built to be safe.

On that note

Quote-----------
One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same thing. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you better protect your computer from their often damaging effects.

It's about knowing whats what and how to deal with it. OSX is safer but not immune.
It's only bullet proof until you start shooting at it

Shrink · Dec 13, 2012

KdParker said:
That's alot of work to get that trojan.

Slacker!!

If you're not willing to do a little work to get a Trojan, well...you just don't deserve one.

Such laziness!!

topmounter · Dec 13, 2012

Good News: This "scam" only works on the clinically retarded.

Bad News: The lack of common sense nowadays has crippled a large percentage of the population with a certain level of clinical retardation.

TallManNY · Dec 13, 2012

Setting aside the installation issue (which we have to do from time to time, I'm looking at you Adobe), I don't get how the payment works though. If your mobile phone is getting debited, then isn't your phone company collecting the money? Since this is an identified scam, why would your phone company be turning that money over to the criminals. And even if the criminals slipped a bunch of installations through before this was identified, shouldn't the phone company have the paper trail that shows which bank the money was sent to? And the bank (at least US banks) are required to be able to identify their customers. Which means there should be a paper trail leading back to the criminals secret lair. Of course there is little chance these criminals are in the US. And banking laws are more relaxed overseas. But still this scam should be traceable or at least intercept-able by the phone company.

CodeBreaker · Dec 13, 2012

Does GateKeeper allow the installer to run?
In other words, is the installer code signed by a valid developer certificate?

Apple Quickly Updates Malware Definitions to Detect New SMS Scam Trojan

Suspended

macrumors 65816

macrumors 601

macrumors 68020

macrumors 68000

macrumors 601

Suspended

macrumors newbie

macrumors 6502

macrumors 603

macrumors member

macrumors 68000

macrumors regular

macrumors 68000

macrumors 68000

macrumors 6502a

macrumors 68000

macrumors 603

macrumors 68000

macrumors newbie

macrumors regular

macrumors G3

macrumors 68030

macrumors 601

macrumors 6502

Our Staff