Hackers Update Mac Porn RSPlug Trojan Horse

By

post-4843-image-3abe9cd0593dbe63a7a2e4e27fb1b88e-jpg

Mac users are being warned to beware of a new scam by hackers to plant a Trojan horse. RS.Plug.D is a more flexible update of the RS.Plug.A threat discovered in 2007, a security software vendor claimed Tuesday.

Like the original, the new version relies on Mac users to visit malicious porn sites, according to Intego. Unlike RS.Plug.A, this trojan software opens a security hole enabling hackers to repeatedly download files to your system.

When on a suspect porn site, visits will be shown an error message: “Video ActiveX Object Error,” followed by a message that the browser is unable to view the video file and a request to start a download.


ActiveX is usually linked to Windows-related files, not Macs. Despite that, the Web page downloads a file (often named “cleanlive.dmg”) from a remote site. Once downloaded, the file automatically launches a trojan that contacts the remote site again.

To avoid downloading the Trojan file, you must quit your browser, according to the company. Simply choosing “Cancel” returns you to the original “error” message.

Mac users can disable the Trojan by using an anti-virus application.

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.

4 responses to “Hackers Update Mac Porn RSPlug Trojan Horse”

  1. Dan Knight says:

    All that work to put a stupid Trojan on my Mac? Windows users have it so much easier!

  2. Mark Aufflick says:

    Also, ALL Mac users should turn off the ‘Open “safe” files after downloading’ option in Safari preferences.

    If you do this, the trojan described above will not auto-install.

    Since there are no “safe” files on the internet, Apple really should disable that feature once and for all.