A new trojan horse has cropped up that affects Mac OS X (and Windows as well), primarily disguised as a video flitting around social networking sites. When users click an infected link, a Java applet is launched that downloads multiple files, including an installer that runs automatically without users’ knowledge.
The Trojan, dubbed trojan.osx.boonana.a by security firm SecureMac, appears as a message on social networking sites such as Facebook that reads, “Is this you in this video?” When the user clicks the link, a Java applet runs, allowing the system to download several files and install a program that can bypass the usual password verification OS X requires for installation.
The malware launches automatically on startup, communicates with command and control servers, and can also crack user accounts on other sites to continue to spread itself as spam.
SecureMac asserts that because the initial phase of the trojan runs on Java, it can spread itself to both Mac OS X and Windows. SecureMac doesn’t say explicitly how it differs on Windows, only that the payload includes “other files” that are directed at Windows.
Disabling Java in your browser can help you avoid infection, but the problem is solved easily enough—don’t click shady links. For those already under Boonana’s spell, though, SecureMac has created a free removal tool. The company also reminds Mac users that as Apple’s market share grows, they need to be mindful of increased attention from hackers.