Apple silently updates OS X to protect against SMS trojan

“Apple has silently updated malware definitions in OS X to block a trojan discovered on the Internet earlier this week,” MacNN reports.

“Known as Trojan.SMSSend.3666, the code comes disguised as an installer for various apps,” MacNN reports. “Opening the installer prompts people to ‘activate’ their software by SMS, entering a key into the installer after receiving an initial text.”

MacNN reports, “The reality is that the trojan is signing users up for a subscription service that charges them via their cellphone bill.”

More info and links in the full article here.

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]


    1. This isn’t a virus is it? You download an installer, run it, it asks you for your cell phone, and you give it. All legit operations. There relly isn’t anything wrong with any of the processes or code other than human error in trusting this installer.

    2. This is a Trojan horse which is massively different. Trojan horses require user action to do their damage.

      Example a knife that you can cut yourself is a Trojan horse. Certainly a potential problem but avoidable with some care. A knife that suddenly and unexpectedly leaps out of the block and flies through the air and stabs you is a virus. A much more serious problem that requires orders of magnitude more effort to deal with and avoid.

      Not the same.

    3. The general term is not ‘viruses’. It is malware. Strictly speaking, there are NO actual viruses for OS X. Instead, as of today, there are (depending on your version of OS X) about 24 different malware of OS X malware with a total of about 94 strains. Almost all of them are Trojan horses, requiring social engineering to convince the user to manually install them. The one exception is OSX.Flashback.S which used a whopping huge drive-by web infection security hole in Java to infect ~600,000 Macs this past summer, the worst Mac infection in history.

      (BTW: There is a new Java update for Mac, v1.7 Update 10, aka 7u10. If you don’t use Java, don’t install it. If you install Java, turn it OFF unless you’re specifically at a website you trust. Then turn it OFF again. Java is the single most dangerous software you can install on a Mac. AKA java sucks major balls).

      I write about Mac security here:

        1. Um huh? I’ve been around MDN for at least a decade. I’ve been writing about Mac security since 2007. I enjoy reading and sharing Apple news as well as helping people out with information while also relishing the opportunity to trample ignorant anti-Apple trolls into the dirt.

          Meanwhile: MDN is NOT a political website, despite rubbish and PoliTard posts to the contrary. My personal political POV is that of what I call a positive anarchist. I believe in maximum choice while taking maximum responsibility for those choices. My POV does not fit on the usual 1-dimensional political scale.

  1. Apple’s XProtect anti-malware software ‘silently updates’ on a regular basis. Apple is calling this malware ‘OSX.SMSSend.i’. It is recycled Windows malware.

    XProtect (aka ‘File Quarantine’) is built into OS X 10.6 Snow Leopard on up. You can check out the plist file for XProtect, which lists all the malware it detects, here:


    As of yesterday, line 1408 lists OSX.SMSSend.i

        1. Yeah, it detects all right, but I believe it is in fact not so much an application, but rather a standard text that is displayed whenever you run it:

          “WARNING! the malware “Windows” seems to be installed on your computer. Quit now or all your data may be in danger!”

        2. Microsoft bought a good anti-malware program, and they managed to not completely screw it up in the couple of years its been under Microsoft’s stewardship. Given how incredibly low Microsoft has set the bar for security on their platforms, it’s really impressive – truly Microsoft at its least incompetent.

          OS X and iOS security, however, is still in a whole other league.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.