In a memo dated from June 1st, 2010, security firm Intego warns that a spyware application, which they detect as OSX/OpinionSpy, has been spotted and is being "installed by a number of freely distributed Mac applications and screen savers found on a variety of websites." The said Web sites include MacUpdate, VersionTracker and Softpedia.
The spyware is not contained in the files themselves, so scanning them before installation will not help protect one's computer. During the installation process, the user is told that a "market research" program will also be installed. OSX/OpinionSpy is then downloaded and installed. According to Intego, "the malware, a version of which has existed for Windows since 2008, claims to collect browsing and purchasing information that is used in market reports."
However, they warn that the malware goes much further by taking other potentially damageable actions. OSX/OpinionSpy opens a backdoor through port 8254; harvest data from the infected computer and sends it to its server; injects code into Safari, Firefox and iChat and gathers personal information from the applications; and more. In addition, some of that potentially sensitive information could be used in a matter that is harmful to the user's privacy.
This is rated as a "very serious security threat". Also, OSX/OpinionSpy is able to upgrade itself and a variant, known as PermissionResearch, has already been spotted in the wild by Intego.
|
