The outbreak includes two Trojan applications and a publically disclosed remote code execution vulnerability.
Security firm Intego, which last fall uncovered the Mac 'DNS Changer' trojan, said that it had discovered a new malware threat posing as a poker game.
According to Intego, when the user attempts to launch the application, simply titled 'PokerGame', a dialog box appears asking for the machine's administrator password. When the password is entered, the application executes a script that logs the user's name, password, and IP address, then uploads the stolen data to a remote server.
An attacker would then have the ability to remotely access and control the system, says Intego.
Separately, Intego disclosed a vulnerability in OS X's Remote Management agent which could allow an attacker to remotely execute code with the privileges of the current user. A spokesperson told vnunet.com that the issue has been reported to Apple and no attacks in the wild have been reported as yet.
Meanwhile, fellow security vendor SecureMac reported another OS X trojan. The attack is distributed either an AppleScript known as ASthtv05, or bundled as an application under the AStht_v06. When executed, the script will allow an attacker to remotely access the user's iSight camera, log keystokes, retrieve screen shots and manipulate file sharing settings.
The reports mark the first new malware threats for the MacOS since last fall when a DNS changer trojan was spotted posing as a video codec. Security has long been a top selling point for Apple, as Mac malware has been seen as virtually nonexistent in comparison to the hundreds of thousands of malicious apps currently threatening Windows.
In addition to their own security software, both Intego and SecureMac recommend that users follow best practices of not opening unsolicited or suspicious files.
Twin Trojans attack Macs
By Shaun Nichols on Jun 23, 2008 7:41AM