A week after a security company warned Mac users of the slowly growing risk of malware attack, a new Mac OS X Trojan-worm based on Koobface has been discovered circulating via Facebook and Twitter.
The malware appears in security bulletins puts out by two Mac anti-malware companies, SecureMac, which has dubbed it trojan.osx.boonana.a, and Intego, which describes it as OSX/Koobface.A, which would make it a variant of the common Koobface worm that afflicted Facebook in 2008.
The interesting feature of the worm-cum-Trojan is its design and delivery, which resembles the sort of malevolence that is utterly standard in Windows world.
Using an "Is this you in this video?" link on Facebook, Twitter and other social media as the lure, infection starts with a Java applet downloading remote malware that sets itself to run automatically at startup. This then hijacks the user?s email software in order to spam further links, and modifies the system?s password settings.
From the point of infection, the Mac can be remotely monitored and any files on it are at risk of being stolen.
One unusual aspect of the malware is that its Java architecture allows it to hit Mac, Windows and Linux users. In-browser exploits using Java are common in Windows, and not unheard of in Macs either, but doing both at the same time is a rare approach. This hints that integrated malware could become more common in future.