Some security mavens have long theorized that as the Mac becomes more popular, we'd start to see malware that would start targeting the platform. Sure enough, this morning's crop of email blasts from PR firms included a few notices of trojans that are affecting Mac users.
First, from SecureMac, comes word of trojan.osx.boonana.a, which comes disguised as a link on social networking sites asking "Is this you in this video?" Clicking the link downloads and runs a Java applet that then installs further applications to modify system files and open the system to password-free access. The other malicious apps report back to command and control servers, as well as hijack user accounts to spread the trojan through email spam.
The SecureMac press release notes that the "Java component of the trojan horse is cross-platform," but it's not clear from their statement that the other components are capable of running under Mac OS X.
Next, Intego reported that a similar Java trojan known as Koobface.A is also being spread through social networking systems such as Facebook and Twitter.
Intego reports that these trojans will give you fair warning, as the standard Mac OS X Java security alert (see below) will be displayed. If you're not expecting a Java applet to be running on your machine, click the Deny button and the applet will not run. If you want more information about what's happening, click the Show Details button, and you'll see that content with an untrusted root certificate wants to run on your computer. Clicking Deny will protect your machine from a possible malware infection. Allowing the Java applet to run will launch an installer that will be displayed on your machine. If you haven't launched an installer deliberately, then quit it immediately.
While it's unknown just how widespread or dangerous these trojans are to Mac OS X machines, we recommend that our readers pay attention to what's happening on their Macs and to use common sense when using social networking sites.
Keep in mind that it's not only malicious apps that you need to be wary of, but also malicious users sitting near you in the coffee shop. See our rundown on ways to protect yourself from Firesheep and cookie harvesting.