Mac Trojan “In Wild” On Porno Site — Apocalypse Pending

Screenshot from Sophos' webpage detailing the OSX/Jahlav-C Trojan.

A new Mac Trojan has been spotted “in the wild” on a porno website, prompting a wave of misleading and inaccurate Mac malware stories.

A Trojan named OSX/Jahlav-C has been spotted on a porno website (xhottube.net), the British security group Sophos said on Friday.

In a blog post about the virus, Sophos also mentioned an update to an email worm called OSX/Tored-A, which has prompted news organizations to warn of renewed malware attacks against Macs.

But only the OSX/Jahlav-C is in the wild, and even Sophos described the OSX/Tored-A as “lame.”

The new OSX/Jahlav-C Trojan infects Macs when visitors to the “hardcore” porno website try to watch the site’s main video. They are prompted to download a “missing Video ActiveX Object” but are infected with the OSX/Jahlav-C Trojan instead, says Sophos.

The social engineering here isn’t very sophisticated — ActiveX is associated with Windows. In addition, it’s unclear what the OSX/Jahlav-C Trojan actually does. Sophos says “it will eventually run a Perl script that uses http to communicate with a remote website and download code supplied by the attacker.”

What that code does, Sophos doesn’t say. Apparently, it hasn’t executed the Perl script yet. Sophos rates the Trojan as low to medium risk.

“Although there is only a tiny amount of Mac malware compared to Windows viruses, that’s going to be little consolation if your gorgeous new MacBook gets infected,” said a sarcastic post on the company blog. “And sadly we know that many Mac users still believe they are somehow magically immune from attacks.”

The company made a condescending video demonstrating the attack (posted after the jump) — “Is it safe to surf for porn on an Apple Mac?”

UPDATE: ParetoLogic, a Canadian anti-virus company, is also warning about OSX/Jahlav-C. The Trojan is associated with PornTube, says MacNN.

UPDATE 2: Reader Scam Finder says the Trojan doesn’t exist on the xhottube site. Scam Finder tried to purposely infect his Mac but failed. See the comment below.

Is it safe to surf for porn on an Apple Mac? from Sophos Labs on Vimeo.