SecureMac today informed the community of Mac-users about a new trojan called trojan.osx.boonana.a or just Boonana. The Trojan affects Mac OS X, including Snow Leopard (OS X 10.6), the latest version of OS X. The virus is spreading through social networking sites, including Facebook, disguised as a video. The trojan is currently appearing as a link in messages on social networking sites with the subject “Is this you in this video?”
When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the trojan horse hijacks user accounts to spread itself further via spam messages. Users have reported the trojan is spreading through e-mail as well as social media sites.
The trojan attempts to hide its internet communications and actions through obfuscated code spread through multiple files, and will attempt to contact additional command servers if the primary servers are unavailable.
While this is not the first Trojan for Mac, which uses Java-vulnerability in the browser, but it is the rare case where it works on both platforms simultaneously. SecureMac has released a free tool for removing Boonana, which you can download here.