Spyware Trojan Hitching Ride on Third-Party Mac Screensavers

Intego, a Mac security organization recently released a warning on a Mac Windows spyware App. The two year old spyware app is known to send number of delicate information to several external servers. The “OSX/OpinionSpy” dubbed spyware is usually installed with a wide range of available Mac OS X third party screensaver modules and a minimum of just a single shareware tool needed to strip the audio tracks away from the various Flash videos.

In a few cases, the OSXOpinionSpy, also called PremierOpinion claims itself to be a helpful tool used for collecting browsing habits especially for the “market research”. However, in a few other known cases, it gets installed without sending any notifications. This application successfully runs with the root permissions at the background thus opening the HTTP backdoor. The application helps scan all types of attached volumes also sending out encrypted information across several servers. It also examines all types of packets coming in and going out from all infected Mac softwares by potentially taking up the information from all other computers connected in the local network. Moreover, the application also injects a code into the current versions of the other browsers such as Firefox, Safari and also iChat thus sending a list of information, email addresses, URLs, iChat message headers, etc. and other data to the main command servers.

The spyware security firm further warns by stating that based on the data collected by the application, it could possibly also include a wide range of sensitive details. Intego also released a statement mentioning that this collected data might also possibly include some personal data like credit card numbers, usernames, passwords, web browser bookmarks, etc. This spyware is usually downloaded and also installed by a series of installers for the Mishlnc FLV, Mp3 and a wide number of screensaver modules designed by the 7art screensavers. Well, these also seem to appear onto the various common Mac OS X shareware websites such as Softpedia and also MacUpdate.

It is believed that simply removing the originally added application will however not remove the spyware. However, Intego’s Virus Barrier has been upgraded to find and get rid from it. For completing this operation it needs to perform a lot of malicious action. Firstly, you need to scan the file record use activity and then send data for this action to remote server and then again need to open a backdoor on infected Macs. A lot of application and screen savers which are distributed on these sites such as Softpedia, Version Tracker, MacUpdate, etc. are installed by OSX/OpinionSpy. It automatically downloads during the installation time, although in this application the spyware is not included. However, if you try to install the software, your safest way of act is to be watchful enough while installing this software from any unknown or unreliable source. Well, apart from this healthy uncertainty, there is another way to protect your system. An updated malware scanner seems to be the ideal tool that will allow you to finely protect your system from these types of spyware which pretends to be important and legitimate software.

Leave a Reply

Your email address will not be published. Required fields are marked *