Apple Addresses New SMS Trojan in Malware Lists

ID THREATPOST:2894F166630B0879089619D3FC386BE3
Type threatpost
Reporter Chris Brook
Modified 2013-04-17T16:31:05


Apple has made updates to its malware definitions to address yesterday’s news of a new OS X Trojan, SMSSend.3666, that was disguising itself as legitimate software and confounding Russian users.

The Trojan, first blogged about by antivirus firm Dr. Web, tricked users into entering their cell phone number in order to continue the installation of what appeared to be an official software installer. According to Dr. Web’s report, after supplying attackers with their phone number, the victim would unknowingly “agree to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis.” This particular Trojan imitated the VKMusic 4 program, a popular Russian music client.

Apple now identifies the malware in its “XProtect.plist” blacklist, part of the antimalware framework Apple rolled out with its Snow Leopard operating system in 2009.

News of the quick patch, first reported by, marks a quick turnaround for Apple, yet falls in line with the company’s daily malware list edits. The Cupertino company announced it would update its malware database on a daily basis following last year’s Mac Defender malware fiasco.