For only the second time in 19 months, Apple has updated the signatures used to protect Mac users against malware attacks.

An update released Monday for Mac OS X 10.6, aka, Snow Leopard, adds detection for a trojan known as OSX.OpinionSpy. The malware comes bundled with Mac screensavers and applications available on various websites, according to Marco Preuss , a researcher with antivirus provider Kaspersky Labs. Once installed, OpinionSpy mines personal information entered into Safari, Firefox and elsewhere and sends it to servers controlled by the attackers.

Kaspersky has seen just 13 OpinionSpy infections since the beginning of the year, mainly by users located in India.

The addition brings the total number of malware signatures included in Snow Leopard to four. The malware protection debuted in an OS X beta released in mid 2009 with signatures for just two well-known Mac trojans, known as RSPlug and iServices. Apple later updated the malware protection to detect a backdoor threat known as HellRTC, which was detected in April, according to Mac AV provider Intego.

The protection, which many are calling Xprotect, provides a popup window that warns users that the program they are trying to install “will damage your computer” and should be moved to trash. The warning is provided only when the files are downloaded using Safari, Firefox, Mail, Entourage, iChat and a handful of other applications. According to an analysis from 2009, the window is not activated if the same malicious file has been downloaded using Skype or transferred from a DVD, CD or thumb drive.

It's unclear what the criteria is for adding signatures to Xprotect. Mac security experts say the number of known malware applications that target OS X is probably in the hundreds.

The addition was part of a monster package of Snow Leopard security patches that fixed 56 vulnerabilities, including one that researcher Charlie Miller had hoped to use two weeks ago at the annual Pwn2Own hacker contest. The exploit went unused because another contestant drew a higher lottery number and was able to compromise the Mac dedicated to the competition first.

At least 45 of the bugs Apple fixed on Monday made it possible for attackers to execute malicious code, according to Apple's advisory. ®

Related stories

• Apple is picking off iOS antivirus apps one by one: Who'll be spared? (24 March 2015)

  https://www.theregister.com/2015/03/24/ios_anti_malware_confusion/

• New Mac OS X: Mountain Lion roars at unauthorised apps (16 February 2012)

  https://www.theregister.com/2012/02/16/mountain_lion_preview/

• Apple expels serial hacker for publishing iPhone exploit (8 November 2011)

  https://www.theregister.com/2011/11/08/apple_excommunicates_charlie_miller/

• Apple requires Mac App Store candidates to be sandboxed (3 November 2011)

  https://www.theregister.com/2011/11/03/mac_app_store_sandbox/

• MacBook batteries susceptible to hack attacks (22 July 2011)

  https://www.theregister.com/2011/07/22/mac_battery_hack/

• Major overhaul makes OS X Lion king of security (21 July 2011)

  https://www.theregister.com/2011/07/21/mac_os_x_lion_security/

• Peeping Tom Mac spyware suspect cuffed (9 June 2011)

  https://www.theregister.com/2011/06/09/peeping_tom_mac_malware/

• New Mac scareware variant installs without password (26 May 2011)

  https://www.theregister.com/2011/05/26/mac_malware_game_changer/

• Apple admits scareware problem, at last (25 May 2011)

  https://www.theregister.com/2011/05/25/apple_acknowledges_macdefender/

• Skype bug gives attackers access to Mac OS X machines (6 May 2011)

  https://www.theregister.com/2011/05/06/skype_for_mac_critical_vulnerability/

• DIY crimekit brings advanced malware to Mac OSX (3 May 2011)

  https://www.theregister.com/2011/05/03/mac_osx_crimeware_kit/

• Son of AV tycoon rescued following 'stupid' kidnapping (25 April 2011)

  https://www.theregister.com/2011/04/25/ivan_kaspersky_rescued/

• Mac OS X daddy quits Apple (23 March 2011)

  https://www.theregister.com/2011/03/23/bertrand_serlet_leaves_apple/

• iPhone and BlackBerry brought down in hacker competition (11 March 2011)

  https://www.theregister.com/2011/03/11/iphone_blackberry_hacked/

• Apple security update leaves iPhone 3G users unprotected (10 March 2011)

  https://www.theregister.com/2011/03/10/apple_update_omits_iphone3g/

• Making sport of browser security, hackers topple IE, Safari (10 March 2011)

  https://www.theregister.com/2011/03/10/apple_safari_ie_stomped/

• Mac OS X haunted by ghost of Jailbreakme bug (10 November 2010)

  https://www.theregister.com/2010/11/10/mac_osx_security_vuln/

• Sophos debuts freebie antivirus scanner for Macs (2 November 2010)

  https://www.theregister.com/2010/11/02/sophos_mac_anti_virus/

• Tight-lipped Apple fixes Safari autosnoop bug (28 July 2010)

  https://www.theregister.com/2010/07/28/apple_safari_bug_patch/

• Code-execution bug found in Apple Safari (10 May 2010)

  https://www.theregister.com/2010/05/10/critical_safari_bug/

• PGP co-founder takes OS security job with Apple (22 April 2010)

  https://www.theregister.com/2010/04/22/jon_callas_joins_apple/

• iPhone, IE, Firefox, Safari get stomped at hacker contest (25 March 2010)

  https://www.theregister.com/2010/03/25/pwn2own_2010_day_one/

• Apple sits on critical Mac bug for 7 months (and counting) (12 January 2010)

  https://www.theregister.com/2010/01/12/critical_osx_security_bug/

• Snow Leopard security - The good, the bad and the missing (29 August 2009)

  https://www.theregister.com/2009/08/29/snow_leopard_security/

• Apple sneaks malware protection into Snow Leopard (25 August 2009)

  https://www.theregister.com/2009/08/25/snow_leopard_malware_protection/