New Mac spyware identified

Jake Widman
Wednesday, 02 June 2010 10:59

Business IT - Security

Security vendor Intego has reported that software available from popular Mac download sites may be infected with "very high-risk spyware."

The spyware is known as "OS X/OpinionSpy." It's not contained in the downloaded software itself, but is installed during the process of installing the intended package.

The installer may ask the user to approve the installation of a "market research" application called PremierOpinion, or that warning may be skipped. The malware has been found with software available on MacUpdate, VersionTracker, and Softpedia, as well as from the developers' sites.

As described on Intego's Mac Security Blog, the spyware requests an administrator's password on installation and afterwards runs as root, giving it access to all files on local and network volumes.

It then opens a backdoor to the Mac and sends data to remote servers.

Intego's report states that "the fact that this application collects data in this manner, and that it opens a backdoor, makes it a very serious security threat. In addition, the risk of it collecting sensitive data such as user names, passwords and credit card numbers, makes this a very high-risk spyware."

For a list of affected software, see Page 2.