Posted by: David Harley | December 13, 2012


Trojan.SMSSend.366 is a fake installer that passes itself off as VKMusic 4 for Mac OS X but actually has  a nasty habit of subscribing victims to an expensive and useless SMS subscription service. A style of malware we’re more used to seeing on Windows machines than on Macs, so interesting, but not a major threat outside Russia, especially as Apple has already updated its XProtect.plist internal detection to catch it. Not that I’m a great fan of that method of blacklisting malware – it doesn’t work all the contexts a commercial AV product does – but it’s still a lot better than ignoring it.

The malware was first reported by Dr.Web, and also flagged by Kaspersky. I haven’t noticed it mentioned publicly by AV companies outside Russia, but samples have been shared.




  1. It’s also of note that Gatekeeper would block this on Mountain Lion.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: