Feeds

Mac spyware infiltrates popular download sites

'Very serious security threat'

Build a business case: developing custom apps

A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, security researchers said Tuesday.

Dubbed OSX/OpinionSpy, the spyware is distributed through software available on sites including Softpedia, MacUpdate, and VersionTracker, according to Intego, a provider of anti-virus software for Macs. The app isn't contained in the downloads themselves, but rather gets downloaded during the installation process, Intego said. A Windows version of the program has existed since at least 2008.

Once installed, OpinionSpy scans files and folders on all attached hard drives and regularly sends data in encrypted form to several servers, according to Intego. It also injects code into the Safari, Firefox, and iChat applications and mines them for email addresses, message headers, and other data. The program remains active even if the screensaver or other application that was originally downloaded is uninstalled.

"The fact that this application collects data in this manner, and that it opens a backdoor, makes it a very serious security threat," Intego researchers wrote. "In addition, the risk of it collecting sensitive data such as user names, passwords and credit card numbers, makes this a very high-risk spyware."

Apple's OS X operating system has long been regarded as a haven from the huge base of malware that regularly targets users of Microsoft's Windows. The Windows threat has grown so large that Google has begun advising its new employees to use alternates, The Financial Times has reported.

Mac's most ardent supporters have long claimed the platform is more inherently secure than Windows, a perception Apple marketers have been happy to perpetuate. But a more plausible explanation, advanced by Charlie Miller and other white-hat hackers who regularly exploit Apple security bugs, is that the platform isn't sufficiently big enough to justify the investment of hardened crime gangs.

Intego identified the apps installing OpinionSpy as the MishInc FLV To Mp3 media converter and screensavers made by the company 7art-screensavers. More details about the spyware are here. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?