SecureMac says it has discovered a new trojan horse in the wild that affects Mac OS X, including Snow Leopard. The trojan horse, trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video.
The trojan is currently appearing as a link in messages on social networking sites with the subject “Is this you in this video?” According to the folks at SecureMac, when a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically.
When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites.
The Java component of the trojan horse is cross-platform, and includes other files that affect Mac OS X as well as Microsoft Windows, according to SecureMac. There have been reports of similar behavior in recent trojan horses targeting Microsoft Windows, but they have not included cross-platform capabilities until now. The trojan attempts to hide its internet communications and actions through obfuscated code spread through multiple files, and will attempt to contact additional command servers if the primary servers are unavailable.
SecureMac says it has released a free removal tool to eliminate this threat, which can be downloaded by visiting http://www.securemac.com or downloaded directly from http://macscan.securemac.com/files/BTRT.dmg . Further updates on the status of this trojan horse can be found at http://www.securemac.com/boonana-bulletin.php, which will be updated as more information becomes available.