Mac Trojan In Wild On Porno Site Apocalypse Pending

A new Mac Trojan has been spotted “in the wild” on a porno website, prompting a wave of misleading and inaccurate Mac malware stories.

A Trojan named OSX/Jahlav-C has been spotted on a porno website (xhottube.net), the British security group Sophos said on Friday.

In a blog post about the virus, Sophos also mentioned an update to an email worm called OSX/Tored-A — an updated version of the Mac OS Tored worm — which has prompted news organizations to warn of renewed malware attacks against Macs. But only the OSX/Jahlav-C is in the wild, and even Sophos described the OSX/Tored-A as “lame.”

The new Trojan infects Macs when visitors to the porno website try to watch the site’s main video. They are prompted to download a “missing Video ActiveX Object” but infected with the OSX/Jahlav-C Trojan instead, says Sophos.

However, it’s unclear what the OSX/Jahlav-C Trojan actually does. Sophos says “it will eventually run a Perl script that uses http to communicate with a remote website and download code supplied by the attacker.” Sophos rates the Trojan as a low to medium risk.

“Although there is only a tiny amount of Mac malware compared to Windows viruses, that’s going to be little consolation if your gorgeous new MacBook gets infected,” said a sarcastic post on the company blog. “And sadly we know that many Mac users still believe they are somehow magically immune from attacks.”

The company made a condescending video demonstrating the attack (posted after the jump) — “Is it safe to surf for porn on an Apple Mac?”

UPDATE: ParetoLogic, a Canadian anti-virus company, is also warning about OSX/Jahlav-C. The Trojan is associated with PornTube, says MacNN.

Is it safe to surf for porn on an Apple Mac? from Sophos Labs on Vimeo.

This article is copyright Cultomedia Corp.

nogoogleads_r2b