Trend Micro, company that specializes in providing network antivirus and internet content security software and services, has uncovered a new threat in the wild, threat that targets Macs. The company has discovered a Trojan horse that disguises itself as MacCinema Installer – this is in fact at DNS-changing Trojan from the OSX_JAHLAV malware family.

“A Domain Naming System (DNS)-changing Trojan targeting Macs is currently making the rounds disguised as MacCinema Installer (detected by Trend Micro as OSX_JAHLAV.D. This is the latest variant of OSX_JAHLAV.C, which was identified in June. The Trojan is supposedly a QuickTime Player update with the file name QuickTimeUpdate.dmg. As with its earlier variants, users are prompted to download the malware when trying to view certain online videos from .com domains with the IP address, 91.214.45.73,” explained Trend Micro.

Mac users are well advised to stay away from these .com domains: allincorx, bigdron, cikaredo, civilizxx, comeandtryx, deribrowns, draxxtermania, givendream, hitrowzone, jumborad, ltdkeeper, operationelx, oxxadox, paxxtiger, rednetx, rstdeals, simplexdoom, sinister, tdenuwas, tniredrum, ufapeace. Mac users are also well advised to be cautious with software updates that do not originate from Apple.

Senior Security Consultant with Sophos, Graham Cluley, added that the company he works for detected the malware, called it OSX/Jahlav-C and provides protection for it since the start of the week. All Sophos products detect and protect against the Mac threat.

Cluley used the occasion to once again draw attention to the fact that Macs need adequate security software just like Windows PCs do: “Mac malware continues to make the headlines because of its novelty value and the fact that many Apple lovers are adamant that their computers are somehow protected by an invisible forcefield which makes them invincible. If you're a Mac user and not running anti-virus software, it's time to wake up and smell the cappuccino.”