Mac OS X DNS-changing Trojan detected

According to a report by Trend Micro, there is a yet another Trojan targeting Mac machines in the wild.

It’s a DNS-changing Trojan posing as a QuickTime Player update, using the fake name MacCinema Installer. Users are asked to download a disk image file by the name of QuickTimeUpdate.dmg, purportedly needed for viewing online videos.

The Trojan (detected by Trend Micro as OSX_JAHLAV.D) can change your DNS to point to a “phishing” version of the site you want to visit, or another malicious site where you can be subjected to further exploitation. It also contains a Perl script that downloads a file that makes it possible for the malicious user to keep an eye on your activities.

To get rid of this Trojan, Trend Micro advises users to drag and drop “MacCinema” into the trash and change your DNS settings to “auto.”




Share this