Twin Trojans attack Macs

Two new Mac OS Trojans have been uncovered

Security researchers are warning of a crop of new malware threats that have appeared for the Mac OS in recent days.

The outbreak includes two Trojan applications and a publicly disclosed remote code execution vulnerability.

Security firm Intego, which uncovered the Mac DNS Changer Trojan last year, told vnunet.com that it had discovered a new malware threat posing as a poker game.

When the user attempts to launch the 'PokerGame' application a dialog box asks for the machine's administrator password.

When the password is entered, the application executes a script that logs the user's name, password and IP address then uploads the stolen data to a remote server.

An attacker would then have the ability to remotely access and control the system, according to Intego.

Separately, Intego disclosed a vulnerability in OS X's Remote Management agent which could allow an attacker to remotely execute code with the privileges of the current user.

A spokesperson told vnunet.com that the issue has been reported to Apple and that no attacks in the wild have been reported as yet.

Security vendor SecureMac reported another OS X Trojan which is distributed by an AppleScript known as ASthtv05, or bundled as an application under the AStht_v06.

When executed, the script will allow an attacker to remotely access the user's iSight camera, log key-strokes, retrieve screen shots and manipulate file sharing settings.

The reports mark the first new malware threats for the MacOS since November 2007 when a DNS changer Trojan was spotted posing as a video codec.

Security has long been a top selling point for Apple, as Mac malware has been seen as virtually nonexistent in comparison to the hundreds of thousands of malicious apps currently threatening Windows.

Intego and SecureMac recommend that users follow best practice by not opening unsolicited or suspicious files.