Home / malware Trojan:MacOS_X/Pameseg.A
First posted on 28 December 2012.
Source: MicrosoftAliases :
Trojan:MacOS_X/Pameseg.A is also known as Trojan.SMSSend.3666 (Dr.Web), OSX/Hoax.ArchSMS.AA (ESET), OSX/ArchSMS-J (Sophos).
Explanation :
Trojan:MacOS_X/Pameseg.A is an installer that requires you send an SMS or mobile text message to a premium number to successfully install certain programs, some of which are otherwise available for free. It is related to the Win32/Pameseg family of installers.
Currently, variants of Pameseg target Russian speakers.
The installer claims that when you send the text message, you will receive a code that you can use to complete installation of the program. However, this has not been verified.
Trojan:MacOS_X/Pameseg.A is the first variant we have seen targeting Mac OS X users. In the wild, we have seen it distributed as "VKMusic 4 Mac OS X" - an application designed to play music shared or posted by users on a popular Russian social-networking site.
Installers detected as Trojan:MacOS_X/Pameseg.A may appear similar to the following:
For more information on Pameseg, please see the Win32/Pameseg encyclopedia entry and the following blog posts:
- Easy Money: Program:Win32/Pameseg (part one)
- Easy Money: Program:Win32/Pameseg (part two)
Last update 28 December 2012
