Spyware found on popular Mac websites

gallery

Security firm Intego has warned Mac OS X users that downloading free software from several popular download sites may install spyware that opens a back door for hackers to collect personal details.

The spyware, called OSX/OpinionSpy, is a variant of a Windows threat first discovered in 2008. It has been found piggy-backing on nearly 30 screensaver downloads from a company called 7art and a video converter app called MishInc FLV to MP3.

Softpedia, MacUpdate and VersionTracker were all found to be hosting the infected downloads, which have now been withdrawn, Intego said.

According to Intego's Mac Security Blog, the software attempts to install itself alongside the genuine software, masquerading as a “market research” utility called PremierOpinion, which claims to monitor browsing and purchasing history anonymously for research purposes.

However, once users enter their administrator password, the spyware runs as root, opening an HTTP backdoor on port 8254. From there it scans all accessible local and networked volumes, and injects code into Safari, Firefox and iChat. It then regularly transmits packages of encrypted data to secure servers, including email addresses, URLs, usernames, passwords and credit card numbers.

“The fact that this application collects data in this manner, and that it opens a backdoor, makes it a very serious security threat,” Intego warned. “In addition, the risk of it collecting sensitive data such as usernames, passwords and credit card numbers, makes this a very high-risk spyware.”

OSX/OpinionSpy is able to upgrade itself automatically and relaunch itself using Mac OS X's launch feature – which manages automated systems and launch processors.

A full list of the affected download software is available on the Intego website, though the security firm warns this is merely a list of the affected applications it has identified so far.

Email to a friend

Print this page