Advertisement

Article

First fake Mac installer discovered

Nick

Nick

  • Updated:

Security firm Dr Web claims to have discovered the first fake installer for Macs, that attempts to obtain you phone number and then debit your phone bill. Dr Web have named the installer Trojan.SMSSend.3666 although it isn’t actually a Trojan that affects OS X in any way. Its simply malware that tries to trick users into entering their mobile number in order to activate the program. Trojan.SMSSend has been identified on Windows for quite some time but this is the first known instance on Mac.

Dr Web state that the malware relies on users triggering an SMS to work:

When a user starts such an installer, they see the interface that imitates the installation wizard of a corresponding application. In order to continue the “installation” fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.

The security firm note that the installer is harmless to OS X itself and the scam doesn’t even require users to allow the program to fully install.

It isn’t clear whether the fake installers are blocked by Gatekeeper or how far they have spread, but its likely that they’re isolated to mainly Russian websites at the moment. It goes without saying though that you should never have to enter to your phone number to activate piece of software and if prompted to do so, we strongly recommend that you terminate the installation immediately.

For a more detailed discussion on security on Macs and the difference between viruses, trojans and malware, don’t forget to read Part 6 of our Moving to Mac Guide: Do Macs Get Viruses?

Nick

Nick

Latest from Nick

Editorial Guidelines