Mac OS X Attacked by Trojan Horse

The first reported malicious code to target Apple’s Mac OS X operating system, a potentially damaging Trojan Horse computer program, is serving as both a validation of the platform’s security and a warning that more may be coming.

Announced by Mac security vendor Intego, the Trojan horse, dubbed MP3Concept or MP3Virus.Gen, exploits a weakness in Mac OS X where applications may appear to be other types of files, Intego reported.

The malicious code, or malware, is encapsulated in the ID3 tag of a digital music file, a type of file heavily used with Apple’s popular iTunes online store and iPod player. While it is capable of playing music to help fool the user, the file is actually a hidden application that can run on any Mac running OS X, Paris-based Intego said.

Security experts agreed that the lack of antivirus and awareness on the part of Mac users could leave the alternative computing community at risk of an attack. However, they also agreed that there have been so few previous Mac viruses, and there are so few targets compared to the Windows population, that the Mac OS X operating system remains more secure.

“Do we need Mac users to get to the same level of awareness as PC users? The answer is no,” iDefense director of malicious code Ken Dunham told TechNewsWorld. “The issue is the level of threat is not as great, not for Mac users.”

Intego First Alert

Intego, which provides antivirus and other security protections to Mac users with its VirusBarrier software, said MP3Concept tricks the user by displaying the malicious application as an MP3 file, complete with icon and extension.

If users double-click the MP3 as they would a typical music file, the hidden code is launched on the Mac and, although it plays music contained in the file, it can damage or delete files, according to Intego.

“While the first versions of this Trojan horse that Intego has isolated are benign, this technique opens the door to more serious risks,” said a company security alert, which added the Trojan had the potential to delete all of a user’s files, e-mail itself to others and infect MP3, JPEG, GIF or other QuickTime files.
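As an added illustration (not code from Intego, Apple or the article), the following Python sketch shows one defensive check for the technique described above: it parses the ID3v2 tag at the start of a file presented as an MP3 and flags executable file signatures inside it. The signatures are standard Mach-O and PEF magic values, chosen as an assumption because the article does not name the Trojan's binary format; the function names and sample files are constructed for this example.

```python
import struct

# Well-known executable signatures (assumption: the page does not name the
# Trojan's binary format, so common Mac executable formats are checked).
EXEC_MAGICS = {
    b"Joy!peff": "PEF (CFM) executable",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit big-endian",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit little-endian",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
}

def syncsafe_to_int(raw):
    """Decode the 4-byte ID3v2 size field (7 significant bits per byte)."""
    if len(raw) != 4 or any(b & 0x80 for b in raw):
        raise ValueError("invalid syncsafe size")
    return (raw[0] << 21) | (raw[1] << 14) | (raw[2] << 7) | raw[3]

def id3v2_tag(data):
    """Return the ID3v2 tag body at the start of the file, or None."""
    if len(data) < 10 or data[:3] != b"ID3":
        return None
    return data[10:10 + syncsafe_to_int(data[6:10])]

def scan_mp3(data):
    """List (offset_in_tag, description) for executable signatures in the tag."""
    tag = id3v2_tag(data)
    findings = []
    for magic, desc in EXEC_MAGICS.items():
        pos = tag.find(magic) if tag else -1
        while pos != -1:
            findings.append((pos, desc))
            pos = tag.find(magic, pos + 1)
    return sorted(findings)

def make_sample(frame_id, payload):
    """Build a constructed ID3v2.3 file: one frame plus a stub audio frame."""
    body = frame_id + struct.pack(">I", len(payload)) + b"\x00\x00" + payload
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body + b"\xff\xfb\x90\x00" + b"\x00" * 32

# Constructed samples, not real malware: a title-only tag and a tag whose
# private frame carries a PEF header.
BENIGN = make_sample(b"TIT2", b"\x00Song")
SUSPICIOUS = make_sample(b"PRIV", b"constructed\x00Joy!peffpwpc" + b"\x00" * 16)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, scan_mp3(blob))
```

This is a heuristic: a signature match inside a tag is a reason to inspect the file, since embedded artwork or other binary frames can contain the same bytes by coincidence.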

Dunham, who referred to code in his lab that purports to be Mac malware but has not been tested since security demands more focus on Windows, said any new Trojan for Mac OS X is noteworthy because there have been virtually no previous assaults on the platform.

“We may see problems in an area where we haven’t seen them before,” Dunham said.

Mac More Susceptible?

Since there have been so few viruses and worms that target Mac computers — the AutoStart worm that caused sharp but temporary pain for users is among the only ones that stand out in recent history — antivirus programs for Mac OS X are somewhat lacking both in availability and deployment.

“The conditions are more ripe in the Mac domain than it would be in others from the user not expecting it or being gullible,” Dunham said. “What it means is if a traditionally safe platform becomes hostile, it could be extremely hostile in the early stages of an attack.”

Forrester analyst Jan Sundgren told TechNewsWorld that with far fewer vulnerabilities and viruses than Windows, Mac users could be in danger with their guard down.

Not a Popular Target

However, Sundgren downplayed the threat, adding that Mac OS X is not nearly as popular of a target for attackers who are looking to get an “explosive outbreak.”

Dunham, who said PC users from the home environment and up must be aware of and using security measures including firewall, antivirus and aversion to attachments, indicated that Mac users are still in a more secure environment.

“These users are going to not be as sieged as Windows users,” Dunham said. “They don’t have to worry about the concerns of PC users.”

Apple responded to the Intego security warning and said it is trying to address the issue quickly. “We are aware of the potential issue identified by Intego and are working proactively to investigate it,” Apple said.

“While no operating system can be completely secure from all threats, Apple has an excellent track record of identifying and rapidly correcting potential vulnerabilities,” the company added.


  • There is nothing new here. When OS X first launched with support for both meta data and file extensions there was talk of malware getting in through the gap between both methods. There is still not 1 person who has been infected unknowingly with anything other than an obsession for MAC OS X.

      • doriangrey – I’m sure you would like to believe that MacOS is like all the others, but it isn’t, not by a long shot. There is a world of difference in the security features built into OSX as compared to Windows, and I would suggest that you do a little searching (won’t take much) and read up on what you’re talking about before making a statement like "is like all the others". Here’s something I bet you didn’t know, and I hope it doesn’t make you grind your teeth: A web site in Finland a few years ago offered a reward (it got up to close to $10,000) to anyone who could deface a web page hosted on a Mac. After several months and over 200,000 attempts, it still remained untouched. So if my Mac was like all the others then how is it that I can browse the web and click on anything I want without fear, open any email attachment that comes along, have no adware, no spyware, no popups, and I leave my system running and online 24/7 with nothing invading my system through buffer overflows and/or open ports? Have a nice day. 🙂

          • Given, MACs are 3% of the earth’s desktop. Why would someone write a hack for that? It ain’t popular. Hackers are interested in that which will affect the masses. MACs ain’t it! So that explains why no one has cracked it yet.
            MACs should and will vanish from the earth sooner or later.

          • There are a few flaws in your theory. The main flaw being that for quite a few years now the United States Army has been using Macintosh servers. Thus meaning there are a lot of hackers out there trying their best (and failing) to hack into those Macintosh servers and none have managed so far. Have a great day!

  • OSX was NOT attacked by anything. This Trojan was nothing more than a proof-of-concept, and it was never introduced into anyone’s computer without their knowledge. Furthermore, it contained no "malicious" code of any kind. It was simply a test to see if it could be done, and was created by a group of (let’s call them) programmers who got the idea through their discussions in the newsgroups. Actually, this type of Trojan has been around for about 2 decades and is anything but new. The guy that created it wrote to several anti-virus software vendors and to Apple to inform them of what he had done, in the spirit of being a helpful kinda guy.
    Now, what *would* be newsworthy, is when MacOSX is brought down by simply clicking a web link, or if MacOSX got infected with a virus by just fetching one’s mail (not even opening it), or if files start disappearing by simply listening to online music, or if a Mac starts sending thousands of spam emails just by hooking up to the net and letting it sit for a while. Now THAT would be news.
