Fake Installer for Mac OS Charges Users via Their Mobile Account

Reports are circulating that a fake installer for Mac OS has surfaced, proving that Mac OS is still fair game when it comes to web threats.

Our friends from Dr. Web have uncovered a fake installer for Mac OS X. Detected as OSX_ARCHSMS.A, this threat may reach users who download from websites peddling supposedly legitimate software. Once installed, it shows an image that looks like an installation wizard window.

The curious aspect of this threat is that OSX_ARCHSMS.A asks users for their cellphone number and for the verification code to be sent via SMS. When done, users are prompted to agree with the terms and conditions of the program, which include being charged regularly via their mobile phone account. Needless to say, no program is installed and users end up being charged for a fake (and non-existent) program.

If this ruse, in particular the charging of a user’s mobile account, looks familiar, you may have read about malicious Android apps known as premium service abusers. Usually disguised as legitimate apps, they are known to register users to premium services and to send SMS messages and make calls without users' consent or knowledge, thereby incurring unnecessary charges for users. Some notable cases of premium service abusers include malicious versions of Bad Piggies and Adobe Flash Player for Android.

But this fake installer is a first on two different fronts: the first premium service abuser affecting Mac users and the first premium service abuse done under the guise of a fake installer. This is an interesting mix of techniques, which only proves that cybercriminals can be a crafty lot, especially if they want money from users.

This fake installer is certainly not the first threat to hound Mac OS. Early this year, Flashback made headlines, not only because it targeted the platform, but because of its scope and impact on users. We also previously found other noteworthy threats that Mac users should be aware of.

To stay protected, users must refrain from downloading files and programs from unverified sources and websites. Mac or no Mac, users must be cautious with their activities online. Users may think that they are saving money by downloading these “free” or discounted installers online, but they end up paying more.

Trend Micro Smart Protection Network™ protects users from this threat by detecting and deleting OSX_ARCHSMS.A if found in the user’s system. Apple was also quick to address this issue.

With additional analysis from Threat Response Engineer Mark Manahan.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

Story added 14 December 2012.