Secure Mac reports on Tuesday that a new security issue classified as "critical"and it is found on several websites and social networks that Mac users should be aware.
SecureMac has discovered a new trojan horse in the wild that affects Mac OS X, including Snow Leopard (OS X 10.6), the latest version of OS X. The trojan horse, trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video. The trojan is currently appearing as a link in messages on social networking sites with the subject "Is this you in this video?"
This kind of links are very common on Facebook an Twitter, even though Secure Mac doesn't mention it and a lot of people click on it just for the fun and then complain why they are sending random posts. What happens when a user clicks on the link?
- The trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically.
- When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system.
- Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system.
- While running, the trojan horse hijacks user accounts to spread itself further via spam messages.
- Users have reported the trojan is spreading through e-mail as well as social media sites.
Some of the tips offered by Secure Mac include:
- Watch where you surf. By sticking with safe, well-known websites, you will be less likely to visit a site that will attempt to infect you with a trojan horse. Be especially careful when surfing to links included in messages on social media sites, even if they come from a friend.
- Watch what you download. Download files only from trusted sources and safe sites.
- Use security features in OS X. Turn on the built-in Firewall, and consider security software, especially when a computer is shared by multiple users.
Secure Mac offers a free scan solution on their website which you can find here.
Source: Secure Mac