Mac Security Alert: Free Mac Software Spreading Spyware
Several freely distributed software applications for Mac will download spyware during the installation process and compromise your machine announced Intego, company that specializes in providing security solutions for Mac. Intego identifies the spyware as OSX/OpinionSpy; the company’s Intego VirusBarrier X5 and X6 are capable of detecting and eradicating this threat.
“OSX/OpinionSpy is installed by a number of applications and screen savers that are distributed on sites such as MacUpdate, VersionTracker and Softpedia. The spyware itself is not contained in these applications, but is downloaded during the installation process. This shows the need for an up-to-date anti-malware program with a real-time scanner that can detect this malware when it is downloaded by the original application’s installer,” explained Intego.
Here are some details on OSX/OpinionSpy that Intego released:
- A Windows version of this threat has been out there since 2008.
- The spyware runs as root with full rights to access and change any file.
- The spyware opens a HTTP backdoor using port 8254.
- It uses a lot of CPU.
- It analyzes packets entering and leaving the compromised machine.
- It injects code into Firefox, iChat and Safari. It copies personal data from these apps.
- It sends encrypted data to a number of servers in a regular basis. It uses ports 80 and 443 to do so.
- It can be automatically upgraded.
- After a period of time, some machines infected with this spyware no longer work properly.
- The spyware doesn’t go away if the application or screensaver that delivered it is deleted.
Intego made public a preliminary list of applications that install OSX/OpinionSpy. Intego advises you to stay away from these applications and not install them on your machine:
All the screensavers in the list are made by one company, mainly 7art-screensavers.
The sites mentioned by Intego, mainly MacUpdate, VersionTracker and Softpedia, removed these applications as soon they found out they posed a security risk.
Update May 3: Intego released additional information on this spyware (see here).
“OSX/OpinionSpy is installed by a number of applications and screen savers that are distributed on sites such as MacUpdate, VersionTracker and Softpedia. The spyware itself is not contained in these applications, but is downloaded during the installation process. This shows the need for an up-to-date anti-malware program with a real-time scanner that can detect this malware when it is downloaded by the original application’s installer,” explained Intego.
Here are some details on OSX/OpinionSpy that Intego released:
- A Windows version of this threat has been out there since 2008.
- The spyware runs as root with full rights to access and change any file.
- The spyware opens a HTTP backdoor using port 8254.
- It uses a lot of CPU.
- It analyzes packets entering and leaving the compromised machine.
- It injects code into Firefox, iChat and Safari. It copies personal data from these apps.
- It sends encrypted data to a number of servers in a regular basis. It uses ports 80 and 443 to do so.
- It can be automatically upgraded.
- After a period of time, some machines infected with this spyware no longer work properly.
- The spyware doesn’t go away if the application or screensaver that delivered it is deleted.
Intego made public a preliminary list of applications that install OSX/OpinionSpy. Intego advises you to stay away from these applications and not install them on your machine:
- MishInc FLV To Mp3
- Secret Land ScreenSaver v.2.8
- Color Therapy Clock ScreenSaver v.2.8
- 7art Foliage Clock ScreenSaver v.2.8
- Nature Harmony Clock ScreenSaver v.2.8
- Fiesta Clock ScreenSaver v.2.8
- Fractal Sun Clock ScreenSaver v.2.8
- Full Moon Clock ScreenSaver v.2.8
- Sky Flight Clock ScreenSaver v.2.8
- Sunny Bubbles Clock ScreenSaver v.2.9
- Everlasting Flowering Clock ScreenSaver v.2.8
- Magic Forest Clock ScreenSaver v.2.8
- Freezelight Clock ScreenSaver v.2.9
- Precious Stone Clock ScreenSaver v.2.8
- Silver Snow Clock ScreenSaver v.2.8
- Water Color Clock ScreenSaver v.2.8
- Love Dance Clock ScreenSaver v.2.8
- Galaxy Rhythm Clock ScreenSaver v.2.8
- 7art Eternal Love Clock ScreenSaver v.2.8
- Fire Element Clock ScreenSaver v.2.8
- Water Element Clock ScreenSaver v.2.8
- Emerald Clock ScreenSaver v.2.8
- Radiating Clock ScreenSaver v.2.8
- Rocket Clock ScreenSaver v.2.8
- Serenity Clock ScreenSaver v.2.8
- Gravity Free Clock ScreenSaver v.2.8
- Crystal Clock ScreenSaver v.2.6
- One World Clock ScreenSaver v.2.8
- Sky Watch ScreenSaver v.2.8
- Lighthouse Clock ScreenSaver v.2.8
All the screensavers in the list are made by one company, mainly 7art-screensavers.
The sites mentioned by Intego, mainly MacUpdate, VersionTracker and Softpedia, removed these applications as soon they found out they posed a security risk.
Update May 3: Intego released additional information on this spyware (see here).
