Yet Another Apple Trojan In The Wild!

It seems that everyone and their dog is writing a Trojan to take advantage of the Apple Remote Desktop vulnerability that I posted about last week. This one is called OSX/Hovdy-A and does the following:

“When run the Trojan will attempt to install itself to the /Library/Caches folder and perform the following tasks:

– disable system logging and delete system log files
– start PHPShell and web server
– start ARD, VNC and SSH services
– disable system updates
– open ports in the firewall
– disable third party security software
– steal various password hashes and keys which may be used to compromise other systems

OSX/Hovdy-A will also attempt to use the ARDAgent vulnerability to obtain root access.”

Since it is a Trojan, it needs you to run it so it can do its evil work. So I will say it again… Never download and install software from untrusted sources or questionable web sites. Also, if something suddenly appears on your Mac asking you for your password, and you are NOT installing software or changing system settings, don’t type your password in.
