Hackers port Linux trojan to Mac OS X

“OSX/Tsunami-A, a new backdoor Trojan horse for Mac OS X, has been discovered,” Graham Cluley reports for Sophos.

“What makes Tsunami particularly interesting is that it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that once it has embedded itself on a computer system listens to an IRC channel for further instructions,” Cluley reports. “Typically code like this is used to rally compromised computers into a DDoS (distributed denial-of-service) attack, flooding a website with traffic.”

Cluley reports, “Sophos’s Mac anti-virus products (including our free anti-virus for Mac home users) have been updated to detect OSX/Tsunami-A.”

Read more in the full article here.

MacDailyNews Note: Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised.

Related articles:
Apple updates OS X Lion, Snow Leopard malware definitions to address new trojan – September 26, 2011
New OS X trojan horse sends screenshots, files to remote servers – September 23, 2011
Apple: How to avoid or remove MACDefender malware (permanent fix coming in Mac OS X update) – May 24, 2011
MACDefender trojan protection and removal guide – May 20, 2011
Apple investigating ‘MACDefender’ trojan – May 19, 2011
Apple malware: 6 years of crying wolf – May 6, 2011
Is Mac under a virus attack? No. – May 4, 2011
Intego: MACDefender rogue anti-malware program attacks Macs via SEO poisoning – May 2, 2011
Sophos details new Mac OS X Trojan – February 28, 2011
Warning: Mac users beware of yet another trojan masquerading as video codec – June 11, 2009
CNN blows it; gets all worked up about a Mac Trojan that isn’t the first nor is it the last – April 23, 2009
Mac trojan expands to affect pirated versions of Photoshop CS4 – January 26, 2009
Intego: Mac trojan horse found in pirated Apple iWork ‘09 – January 22, 2009
New Mac OS X Trojan horse identified – June 23, 2008
Mac OS X Scareware trojan ‘MacSweep from Imunizator’ tries to scam Mac users – March 29, 2008
Mac trojan makers churn out slightly modified versions to evade anti-malware detection – November 08, 2007
Mac DNS Changer Trojan [OSX/Puper] relatively simple; works like the Windows version – November 01, 2007
New Mac OS X Trojan warning – February 16, 2006
Apple: ‘Opener’ is not a virus, Trojan horse, or worm – November 02, 2004


    1. It isn’t a virus, it’s a trojan.

      A trojan is something that says it’s one thing, but really it’s another.

      It’s actually just a computer program doing what it was intended to do.

      It may be called ‘Sexy Milfs Go Tandem’, and it may even deliver on that promise, but that doesn’t mean that it isn’t sticking it to you in the background.

      A virus has still not been created for Mac OS X.

      A virus installs itself, does its deed, self propagates, and automatically infects those in your address book.

      A trojan actually needs permission from the user to be installed, and to do its damage.

      As MDN said, you can’t protect people from themselves.

      If you’re stupid enough to download and run ANYTHING from an unknown/untrusted source, there is no help for you.

      You can’t fix stupid.

    1. There is nothing magical about a Mac that prevents it from receiving a virus… It just won’t run.

      If a virus is emailed to you, you may be able to safely open it on your Mac, but if you happen to forward the email to a Windows user, they’re screwed.

      Anti-Virus software for Mac is real, and it truly can disable a virus, but it’s not for the benefit of the Mac user; it’s for the benefit of any unfortunate Windows user they may come into contact with.

    2. “Why does Sophos make an anti-virus app for the Mac?”
      Answer: To make money from the naive.
      Selling Anti-Virus software for Mac OS X is like selling Bengal Tiger Repellent to Canadians.

  1. Yeah, a really dangerous virus that you have to compile, install and give the right permissions in order to do its damage.
    That’s a program with a nested trojan; the user has to install it. It is not like those Windows viruses where the computer gets infected just by looking at the word “virus”.

  2. Don’t install anything that doesn’t come from the app store!! Watch, it’s coming. And I have to say I don’t particularly mind unless what I need is not there. Seems like it would be a good idea to vet all software before installing.

  3. That’s what, three or is it four Trojans that work on Mac OS X?

    That’s it for me. I’m buying a Windows computer. I’m sick and tired of not having an extensive and varied collection of malware at my fingertips. I want a real computer, not some safe, well protected imitation.

  5. Being a Mac user since 1984, and having never used any virus protection most of the time since, I do recommend Mac users have some sort of protection. That will make it that much harder for anything to spread.

    In the old days we used to tar and feather the type of people who write viruses etc. Sadly enough, today you need to use protection.

  5. None of the articles about OSX/Tsunami-A give the attack vector. They only say, so far, “unknown”. So is it really in the wild, or is this more of Sophos’s posturing and releasing code itself?

  6. I read about this elsewhere too. According to security researchers at Intego, the current threat level is low. They said that most hacker tools are in limited circulation, and that these tools need to be manually installed on computers before they can be operated remotely.

    Nonetheless, some protection against hackers is certainly better than none at all.

  7. Ever since I started using Mac, I started buying apps from the Mac App Store or products from those legal companies such as Parallels Desktop, etc. I think it’s really worth your investment. So stop using crack ware and stealing people’s IP, then you will be safe.

  8. MDN Take: “No OS can protect users from themselves (or we wouldn’t be able to install any software).”

    As usual, it seems strange that I have to correct MDN on this, but they haven’t revised this boilerplate Take yet. This is no longer true: by default (unless you jailbreak it), iOS actually DOES largely protect users from themselves, and yet they are still able to install software. This is something MDN should brag about – I suggest revising the standard anti-Trojan Horse MDN Take to include this fact.

  9. It is correct that for most individual users the current threat level is low. Hacker tools like this one are used to attack a machine other than the one on which it is installed, and include tools for executing DDoS attacks, scanning ports, sniffing network traffic, searching for known vulnerabilities, etc.

    When this type of attack happens, most firewalls will act and block the sending address, but in sophisticated attacks, these addresses are forged, and may change with each new packet. VirusBarrier X6 protects against all such tools, to protect servers where they may be installed (via exploits that take advantage of vulnerabilities in third-party code, such as PHP).
