Intego Reports Spyware Found in Some Free Mac Apps [Updated]

Intego’s OSX/OpenionSpy warning in VirusBarrier

In addition to siphoning off personal information and user activity records, the spyware, dubbed OSX/OpinionSpy, monitors activity on all connected drives, opens network port 8254, relaunches itself if quit, and runs with root user-level control. It also adds code to Safari, Firefox and iChat to monitor user activity.

The OSX/OpinionSpy malware has been identified in these screen savers from 7art-screensavers:

  • Secret Land ScreenSaver v.2.8
  • Color Therapy Clock ScreenSaver v.2.8
  • 7art Foliage Clock ScreenSaver v.2.8
  • Nature Harmony Clock ScreenSaver v.2.8
  • Fiesta Clock ScreenSaver v.2.8
  • Fractal Sun Clock ScreenSaver v.2.8
  • Full Moon Clock ScreenSaver v.2.8
  • Sky Flight Clock ScreenSaver v.2.8
  • Sunny Bubbles Clock ScreenSaver v.2.9
  • Everlasting Flowering Clock ScreenSaver v.2.8
  • Magic Forest Clock ScreenSaver v.2.8
  • Freezelight Clock ScreenSaver v.2.9
  • Precious Stone Clock ScreenSaver v.2.8
  • Silver Snow Clock ScreenSaver v.2.8
  • Water Color Clock ScreenSaver v.2.8
  • Love Dance Clock ScreenSaver v.2.8
  • Galaxy Rhythm Clock ScreenSaver v.2.8
  • 7art Eternal Love Clock ScreenSaver v.2.8
  • Fire Element Clock ScreenSaver v.2.8
  • Water Element Clock ScreenSaver v.2.8
  • Emerald Clock ScreenSaver v.2.8
  • Radiating Clock ScreenSaver v.2.8
  • Rocket Clock ScreenSaver v.2.8
  • Serenity Clock ScreenSaver v.2.8
  • Gravity Free Clock ScreenSaver v.2.8
  • Crystal Clock ScreenSaver v.2.6
  • One World Clock ScreenSaver v.2.8
  • Sky Watch ScreenSaver v.2.8
  • Lighthouse Clock ScreenSaver v.2.8

 

OSX/OpinionSpy has also been found in the MishInc FLV to Mp3 application.

The company initially planned to release its list of applications and screen savers that include the malware on Wednesday, but later offered up the information earlier. Intego said it will update the list as it finds more applications that are compromised and that the information will be available on its Mac Security Blog Web site.

[Updated with additional information about compromised applications.]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.