A Trojan named OSX/Jahlav-C has been spotted on a porno website (xhottube.net), the British security group Sophos said on Friday.
In a blog post about the virus, Sophos also mentioned an update to an email worm called OSX/Tored-A, which has prompted news organizations to warn of renewed malware attacks against Macs.
But only the OSX/Jahlav-C is in the wild, and even Sophos described the OSX/Tored-A as “lame.”
The new OSX/Jahlav-C Trojan infects Macs when visitors to the “hardcore” porno website try to watch the site’s main video. They are prompted to download a “missing Video ActiveX Object” but are infected with the OSX/Jahlav-C Trojan instead, says Sophos.
The social engineering here isn’t very sophisticated — ActiveX is associated with Windows. In addition, it’s unclear what the OSX/Jahlav-C Trojan actually does. Sophos says “it will eventually run a Perl script that uses http to communicate with a remote website and download code supplied by the attacker.”
What that code does, Sophos doesn’t say. Apparently, it hasn’t executed the Perl script yet. Sophos rates the Trojan as low to medium risk.
“Although there is only a tiny amount of Mac malware compared to Windows viruses, that’s going to be little consolation if your gorgeous new MacBook gets infected,” said a sarcastic post on the company blog. “And sadly we know that many Mac users still believe they are somehow magically immune from attacks.”
The company made a condescending video demonstrating the attack (posted after the jump) — “Is it safe to surf for porn on an Apple Mac?”
UPDATE 2: Reader Scam Finder says the Trojan doesn’t exist on the xhottube site. Scam Finder tried to purposely infect his Mac but failed. See the comment below.
Leander has been reporting about Apple and technology for nearly 30 years.
16 responses to “Mac Trojan “In Wild” On Porno Site — Apocalypse Pending”
I’ve been there, done that. Nothing has happened that I can tell…. No speed difference or any other running object I can find. I hit a lot of these ‘forbidden’ sites, even my ISP blocked one and I told them they have no right to stop me. Ok so you’ve warned me now let me pass. They changed their code. But now it’s like I’m running under them, they are always the first site in the path, so I don’t know what they’re doing. What’s worse it seems they never check or recheck to see if it has been removed, so I guess tagged once tagged for life! I have gotten a screen that claims it’s from Apple and gives me a big list of “Maleware” and “Trojans”, but they don’t appear to be on my machine! I have noticed that even Google has a warning page. It seems that they would just query your machine type and blow it off if you are on a mainframe or something… Hell what can happen, just scratch the disk and start over again.. I’ve got good backups of things I want, so I don’t think I’m very scared….yet….hooooo….
Sasha Grey, I love you!