
Trojan Horse Takes Pictures Of Mac Users

If the latest malware alert is any indication, Mac users may be forced to rethink their relaxed approach to online security. A new and dangerous Trojan is apparently already circulating in multiple variants that target OS X Tiger and Leopard users. Unlike previous Mac malware, which was often a proof-of-concept release, this one can cause real damage, researchers from SecureMac and Intego report.

AppleScript.THT comes either as a 3.1 MB application dubbed AStht_v06 or as a 60 KB compiled AppleScript script called ASthtv05. Once a user downloads and runs either executable, the system is infected.

When active, AppleScript.THT exploits a recently disclosed Apple Remote Desktop Agent vulnerability. The malware runs as root, the system-wide account with full privileges that the operating system itself uses. It then adds itself to the System Login Items so the Trojan launches every time the Mac is restarted, and it moves itself into the /Library/Caches/ folder. Security researchers warn that the Trojan runs in the background, evades detection by turning off system logging, and opens ports in the operating system's software firewall.

As you may have guessed, AppleScript.THT can communicate with the outside world and gives a malicious user complete remote access to your Mac. It has been confirmed that such a user can use the Trojan nested in your system to steal system and user passwords, as well as various other passwords stored in the keychain. It can also log your keystrokes and send that data to the remote attacker.

AppleScript.THT can also turn on file sharing to expose your files to the outside world. Additionally, it is able to take screenshots of your desktop and even take pictures of you using the Mac's built-in iSight camera.
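As an added example that is not part of the article or of the SecureMac/Intego tooling it mentions, the following Python triage helper checks a host inventory for the indicators the article describes: login items that launch from /Library/Caches/, the AStht_v06 / ASthtv05 file names, system logging switched off, and firewall exceptions for programs under the cache folder. The snapshot layout (a plain dict) and the sample values are constructed for this example and are not a format any Apple tool emits.

```python
# Names the article associates with AppleScript.THT.
KNOWN_NAMES = ("AStht_v06", "ASthtv05")
CACHE_DIR = "/Library/Caches/"


def _known_name(path):
    """True if the last path component (minus any extension) is a known Trojan name."""
    base = path.rstrip("/").rsplit("/", 1)[-1]
    return base.split(".", 1)[0] in KNOWN_NAMES


def triage(snapshot):
    """Return a list of human-readable findings for one host snapshot.

    `snapshot` is a constructed dict (an assumption of this example) with keys:
      login_items      - paths launched at login
      cache_entries    - paths present under /Library/Caches/
      syslogd_running  - whether system logging is active
      firewall_allowed - app paths the software firewall lets accept connections
    """
    findings = []
    for path in snapshot.get("login_items", []):
        if path.startswith(CACHE_DIR):
            findings.append(f"login item launches from a cache directory: {path}")
        if _known_name(path):
            findings.append(f"login item uses a known AppleScript.THT name: {path}")
    for path in snapshot.get("cache_entries", []):
        if _known_name(path):
            findings.append(f"known AppleScript.THT artifact present: {path}")
    if not snapshot.get("syslogd_running", True):
        findings.append("system logging is disabled")
    for path in snapshot.get("firewall_allowed", []):
        if path.startswith(CACHE_DIR):
            findings.append(f"firewall exception for an app under {CACHE_DIR}: {path}")
    return findings


def example_snapshot():
    """Constructed sample inventory resembling an infected host (not real data)."""
    return {
        "login_items": ["/Applications/iTunes.app", "/Library/Caches/AStht_v06.app"],
        "cache_entries": ["/Library/Caches/AStht_v06.app"],
        "syslogd_running": False,
        "firewall_allowed": ["/Library/Caches/AStht_v06.app"],
    }


if __name__ == "__main__":
    for line in triage(example_snapshot()):
        print("FINDING:", line)
```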

SecureMac and Intego said they have updated their virus definitions databases to detect and remove the Trojan.

  • wymer100
    Here's a quick work-around. Don't run applications that mysteriously appear on your desktop. That's certainly cheaper than installing anti-virus software.
  • jhansonxi
    And Mac users thought they were safe from security product company fear mongering.
  • saturn77
    I will just repeat what one character on the "Simpsons" loves to say:

    "HA HA."
  • nekatreven
    wymer100:
        Here's a quick work-around. Don't run applications that mysteriously appear on your desktop. That's certainly cheaper than installing anti-virus software.

    I hate to say it...but you sound like just the type of user that allows these things to hurt people the most. The real problem is that the application GOT on your desktop in the first place. You just got lucky that it has to be run to work. What are you "just don't open it" Mac folk gonna do when the first real worm gets loose that requires NO user interaction, like the many that have hit Windows?

    The virus writers see Mac's increased market share, and it's now a matter of when, not if. Everyone following your mentality is just going to have to bend over and take it; ...and have their Macs start running like Windows...pshh.
  • What this really means is that MAC owners have finally joined the ranks of the PC world. (PC meaning personal computer - all the advantages and finally all the risks of computer ownership.)

    Most of us always knew that Macs were not significantly safer than regular PCs. If I designed an operating system I bet it would stay pretty virus free as long as other people didn't use it.
  • fulle
    This can be viewed as a good sign, since virus coders finally acknowledge the MAC as something with a user base worthy of their time.

    This isn't a sign that OSX is going to go the way of windows though. The 2 factors we deal with in Viruses are:
    1: Poorly designed software
    2: Social Engineering

    Windows is an excellent example of poor software design. In Outlook you can execute a virus simply by opening an email (seriously); in Linux and OSX you would have to open the email, download the attachment, and then execute it. In Linux, you would probably have to give the virus file executable permissions first also. It's not the same thing.

    @nekatreven
    You scoff at wymer100's comment, but he's right. You would have to be a complete MORON to download a virus like this, and then proceed to execute it. If I would have to first download a file, and then double click on it to execute it in Windows, I wouldn't bother with antivirus software. The problem in Windows is that often almost no user action is needed to let the computer become infected. It's not the same thing, and won't be until virus writers find ways to execute their code with less user action.

    Disclaimer: I'm sounding like a MAC fanboy, but I like to think of myself as unbiased. Windows XP Pro, OSX, and Solaris at work, Ubuntu and Vista Premium at home, with a little photo work in OSX. Each OS has its strengths, but seriously, Linux and OSX are worlds more secure than Windows. Microsoft security vulnerabilities are so ridiculous that in my organization users are not even allowed to have Outlook on their computers... not even for archived email, or calendaring purposes.
  • caskachan
    LOL @ "VIRUS HAVE NO VIRUS" touted by mac users as a con of mac
  • caskachan
    LOL @ "MACS HAVE NO VIRUS" touted by mac users as a con of not using macs (it's 5 am, I'm sleepy LOL)
  • wymer100
    I agree that the best option would be to not have the program show up at all. I'm sure that Apple is working on a fix. That said, there are easy ways to keep from getting infected. It's the difference between the Windows world where people will come up and shoot you and the OSX/Linux world where people hand you a gun and ask you to shoot yourself.
  • nekatreven
    fulle:
        This can be viewed as a good sign, since virus coders finally acknowledge the MAC as something with a user base worthy of their time.

        This isn't a sign that OSX is going to go the way of windows though. The 2 factors we deal with in Viruses are:
        1: Poorly designed software
        2: Social Engineering

        Windows is an excellent example of poor software design. In Outlook you can execute a virus simply by opening an email (seriously); in Linux and OSX you would have to open the email, download the attachment, and then execute it. In Linux, you would probably have to give the virus file executable permissions first also. It's not the same thing.

        @nekatreven
        You scoff at wymer100's comment, but he's right. You would have to be a complete MORON to download a virus like this, and then proceed to execute it. If I would have to first download a file, and then double click on it to execute it in Windows, I wouldn't bother with antivirus software (http://en.wikipedia.org/wiki/Antivirus_software). The problem in Windows is that often almost no user action is needed to let the computer become infected. It's not the same thing, and won't be until virus writers find ways to execute their code with less user action.

        Disclaimer: I'm sounding like a MAC fanboy, but I like to think of myself as unbiased. Windows XP Pro, OSX, and Solaris at work, Ubuntu and Vista Premium at home, with a little photo work in OSX. Each OS has its strengths, but seriously, Linux and OSX are worlds more secure than Windows. Microsoft security vulnerabilities are so ridiculous that in my organization users are not even allowed to have Outlook on their computers... not even for archived email, or calendaring purposes.

    Sorry to revive this...I hadn't checked this email in a while...but I feel the need to respond.

    I don't know if any of you actually read my post or not, but I clearly said that WHEN the first Windows-type worm hits...those users will be effed. I'm not saying you're wrong about things being better on OSX and the rest of the *nix world right now. I'm saying one of these days (even if it is infinitely more rare) someone will get those OSes to shoot themselves automatically, just like Windows did with Blaster and Sasser and the like. You won't have to do anything to start it, and you won't be able to do anything to stop it.

    Even at $60 for a year of a/v software...it's less than 20 cents a day. When that day comes and you get bent over, you'll wish you'd plunked down your two dimes for the day.