Mac malware OpinionSpy spotted in dodgy downloads
Hot on the heels of Microsoft's retort to Google's Windows security snub comes word of what's being described as a high-risk spyware/malware exploit affecting OS X computers. According to security firm Intego, the spyware – which it calls OpinionSpy but which has also been identified as PremierOpinion – is being distributed through various free screensavers for OS X (full list after the cut), and if installed is capable of "scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected Macs."
The malware is the handiwork of comScore (through their VoiceFive Networks subsidiary), and is downloaded as part of the installation process for the various screensavers. Some of the affected apps do indicate in the ToS that "market research" program is installed, but not all; once installed – complete with root privileges – it opents an HTTP backdoor, analyses files on all available volumes, all packets from the local network going in and out, copies personal data from browsers, and then sends encrypted reports to various remote servers including e-mail addresses, iChat message headers and URLs, as well as other data.
Even if OS X users subsequently uninstall the screensaver, the malware is left present, and it can automatically update itself in the background. Obviously Intego would like you to buy their anti-malware apps for Mac, but there's a manual process here. Still, as more users get turned onto OS X – and novice ones at that, perhaps all too willing to download apps without reading the ToS, or give up their administrator's password during the install process – it seems we may have to get used to malware and spyware for the platform increasing.
Affected Screensavers:
7art Eternal Love Clock ScreenSaver v.2.87art Foliage Clock ScreenSaver v.2.8
Color Therapy Clock ScreenSaver v.2.8
Crystal Clock ScreenSaver v.2.6
Emerald Clock ScreenSaver v.2.8
Everlasting Flowering Clock ScreenSaver v.2.8
Fiesta Clock ScreenSaver v.2.8
Fire Element Clock ScreenSaver v.2.8
Fractal Sun Clock ScreenSaver v.2.8
Freezelight Clock ScreenSaver v.2.9
Full Moon Clock ScreenSaver v.2.8
Galaxy Rhythm Clock ScreenSaver v.2.8
Gravity Free Clock ScreenSaver v.2.8
Lighthouse Clock ScreenSaver v.2.8
Love Dance Clock ScreenSaver v.2.8
Magic Forest Clock ScreenSaver v.2.8
Nature Harmony Clock ScreenSaver v.2.8
One World Clock ScreenSaver v.2.8
Precious Stone Clock ScreenSaver v.2.8
Radiating Clock ScreenSaver v.2.8
Rocket Clock ScreenSaver v.2.8
Secret Land ScreenSaver v.2.8
Serenity Clock ScreenSaver v.2.8
Silver Snow Clock ScreenSaver v.2.8
Sky Flight Clock ScreenSaver v.2.8
Sky Watch ScreenSaver v.2.8
Sunny Bubbles Clock ScreenSaver v.2.9
Water Color Clock ScreenSaver v.2.8
Water Element Clock ScreenSaver v.2.8
Applications: so far, Intego has only found this spyware in one application:
MishInc FLV To Mp3
[via Guardian]