Mac Malware HellRTS-D Spotted in the Wild

by admin on April 27, 2010

The recently discovered HellRTS-D spyware app for Mac, now also known as Pinhead-B, has been spotted “in the wild” for the first time. It is being disguised as an installer for the iPhoto imaging program; attempting to install the program will actually expose the user to HellRTS.

This development had been expected by Mac security experts after the antivirus software developer Intego reported that the new HellRTS variant had been seen circulating on hacking forums.

HellRTS-D has the potential to be the most dangerous piece of malware on the Mac platform so far. It affects both Intel and PowerPC-based Mac systems, and, when installed, automatically duplicates itself and creates multiple fraudulent DNS servers, which are then used to interact with other designated servers, send email, and allow remote access to the computer, all without the user’s knowledge.

This is likely to be only the first of many Trojans to incorporate the HellRTS or Pinhead backbone. Its emergence is further proof that the old adage that Mac users don’t need antivirus software is simply untrue.

The virus definitions for many Mac security programs, including Intego VirusBarrier, have been updated to include HellRTS-D.
