Trending

SecureMac Issues Trojan Warning

By

SecureMac last week posted a warning regarding a Trojan horse, AppleScript.THT, which affects Mac OS X 10.4 and 10.5.

SecureMac is a company that specialises in making anit-spyware software for Macs. The company posted a warning last Thursday detailing AppleScript.THT.

According to SecureMac, the Trojan gives hackers remote access to your computer and lets them do a whole bunch of stuff with your machine that you would no doubt be unhappy about. This includes logging keystrokes, taking pictures with the built-in iSight camera, taking screenshots, and turning on file sharing, not to mention transmitting system and user passwords.

SecureMac says the Trojan is currently being distributed from hacker websites and discussions on these sites suggest distribution through iChat and Limewire. Users must download and open the Trojan in order for their PC to be infected. AppleScript.THT is distributed as either a compiled AppleScript, called ASthtv05 (60 KB), or as an application bundle called AStht_v06 (3.1 MB). Upon download, the Trojan will move itself to the Library/Caches/ folder and add itself to the System Login Items.

The warning page advises users to run MacScan 2.5.2. Click here to read the advisory.

The warning comes the day before Apple patched a “Carpet Bomb” bug affecting users running the Safari browser on Windows and allowed attackers to download files onto a users desktop without their knowledge. Click here to read more.

Topics
Software
7 Comments Comment from the forums
  • Neog2 24 June 2008 02:50
    Its just going to get worse for the apple community because the bunch of them believe they are immune to virus, and spyware. Its a shame really. I mean me myself use Pc, and Mac, and work in the computer field. I Obviously know to actively use a real time scanning program.

    I i consistently try to tell people on what it seems like a daily basis,
    that something big will come and you might want to try and be prepared for it. All i recieve back is ignorant rants about, thats PC related problems, im on a mac, and I dont have to worry. Sheesh.

    People just dont get that the only reason you dont here about Mac viruses, and spyware is because the number of users to Windows is minscule, but thats changing every so gradually, and it will be bad
    for a lot of people.

    I feel so bad because Apple really doesnt actively push the software to
    prevent hard enough.
    Reply
  • jhansonxi 24 June 2008 03:10
    "Users must download and open the Trojan in order for their PC to be infected."

    At least it's user friendly and they don't have to compile it from source code.

    Just exactly how is this a greater threat then any other user-installable application? Is adware acceptable because of it's profit? Is game DRM spyware acceptable because of it's license?
    Reply
  • 24 June 2008 03:32
    wow that's funny. I just saw the Mac advertisement that says they don't have viruses. I'll stick with my PC because they have better tools at detecting and removing the viruses. Kudos to Neog2.
    Reply
  • mr roboto 24 June 2008 05:18
    Yes the virus warning from a virus software manufacturer. Always a trustworthy source. Sorry if I'm a bit of a cynic but these guy's are the only ones making a big deal out of this. They act like it's the first ever Mac trojan or worm.
    Reply
  • LoboBrancoTimido 24 June 2008 20:17
    One just needs to be careful with all OS's.
    I know some Mac users that also think they are immune to those problems.
    Neog2 has a good point.
    Reply
  • seatrotter 24 June 2008 20:35
    Another thing compounding the problem, but still due to the smaller install base, is the fact that there are relatively fewer "enthusiast"/"white" hackers probing Mac. These people could offer a great deal of help in exposing security issues. And let's all (at least the Mac community) hope that Apple doesn't do anything stupid to turn these kind of people away from helping.

    As for the malwares, people just falls short on what to expect. A malware is a malware, regardless of whether it can borrow itself in the system or just stay alive for the duration of the session/use of the system or even just an application (ie, browser). A system may prevent a compromised browser from making changes to the system (or even to itself), but a malware designed to steal credentials doesn't have to burrow itself. All it takes is a compromised legitimate site and any unlucky visitor visiting that site then going thru his emails and online banks is a dead duck; unless ofcourse he/she closes first his/her browser before opening it again to browse his emails and online bank. This kind of scenario may be remote, but considering the (growing) number of Mac users, a lot of people would still be affected.
    Reply
  • monsta 26 June 2008 12:04
    How funny is that?
    Im sure there is going to be alot of stunned mac users face pics all over the net.LOL
    Reply