I have a Mac Trojan

[MacArab]

I think I've come across a real Mac trojan,disguised an an application.

It automatically opens every application on your Mac forcing it to crash.

Can you guys verify this is a new Trojan ? Who can I send it to for testing or verification ?

It's a ZIP file, and an application in the file called Mudskipp.

 

[christm]

does it do it on another account ?

 

[MacArab]

Sorry didn't understand what you mean ... it opens all apps immediately, and so far with all friends who've tried it, it works.

It looks like a cute game icon, but when it's clicked it happens.

Can I post it here for you people to verify this thing ?

I thought there were no trojans for Mac .. I think it's an automator action hidden in an application.

 

[christm]

go to system preferences.

accounts

create a new account and see if the programs still open all at once on it.
call it test account or something.

I highly doubt its a trojan and I dont think there are any. As you said its probably an automator action which has gone wrong.

 

[James]

Sorry didn't understand what you mean ... it opens all apps immediately, and so far with all friends who've tried it, it works.

It looks like a cute game icon, but when it's clicked it happens.

Can I post it here for you people to verify this thing ?

I thought there were no trojans for Mac .. I think it's an automator action hidden in an application.

Well ya..... when you click on it that gives it permission to run. I don't think there are any out there for the mac that can auto run theirselves, you have to give it permission to do so. Any one can write a program for any platform that will do that, the trick is for it to do it on its own hook.

 

[christm]

check in automator for a script that is running this. or delete the program that is running this.

 

[MacArab]

Well, it doesn't ask for a password just runs .. and it's disguised as some kind of game application when it's really an automator action .. I think that's the definition of a Trojan.

I'm sending it to Apple and uploaded it here for testing -- it's not dangerous other than just opening all apps, hope some more tech dudes can analyze it further -

 

[Aptmunich]

It doesn't actually do anything on my system, apart from launch an Automator "Watch me do" script which just causes the system to beep twice.

I'd guess it does something along the lines of "Switch to Finder, hit Shift+Command+A to bring up the apps folder, hit "Command+A" to select all apps, hit "Command+O" to open all applications.

But it could very easily do more damage. (e.g. Command+A to select all apps and then Shift+Command+Backspace to any apps that aren't currently open - assuming you're an Administrator) so watch out what Apps you download from the internet and run.

 

[MacArab]

That sounds dangerous -- shouldn't Apple make it so Mac OS X automatically doesn't run external scripts without permission/password, for the moving apps to trash can example, that would be really bothersome, as you can't restore apps to their original location with a 'restore' option and have to manually move them back.

Apple need to fix this i think.

 

[MacHeadCase]

How did this script get on your Mac in the first place? Why did you install it? Where did you get it?

I know I don't click on something unless I know what it's doing on my Mac.

 

[theonegod]

If you really think you have a virus you submit it to an anti virus company like Symantec or McAfee you don't attempt to spread it to other users on a mac forum. If you ask me you should be banned for trying to spread the program. I believe personally that you made this script yourself and are trying to see if you can manage to get it distributed.

Guess what? A little automator script ISN"T a virus or a trojan. No matter what you name the file or what icon you give it.

 

[Alexis]

A Trojan digs itself into the system, on the back of a legitimate looking program, without your knowledge.

You have a single program which just doesn't do what the filename says.

 

[MacArab]

Are you kidding me ? Before making mindless accusations, I never said it was a virus, I mentioned it only opened all apps and nothing more, and I don't have the abilities to even know how to make an automator script.

A friend sent it to me saying it was a game and when i tried it found out, and told him there were no trojans on a mac and he says no there is, and this is one.

 

[eric]

...clever thinking...

brilliant.

 

[The Vindicat3d]

It's not really a trojan, it's just some automator script with a pretty icon...

 

[MacArab]

how do i remove the download ??

Doesn't do much but maybe its just best the pros look at it, not sure who exactly to send it to to study it.

 

[theonegod]

You drag it to your trash. Also you may consider not using your mac from an admin account.

 

[Aptmunich]

That sounds dangerous -- shouldn't Apple make it so Mac OS X automatically doesn't run external scripts without permission/password, for the moving apps to trash can example, that would be really bothersome, as you can't restore apps to their original location with a 'restore' option and have to manually move them back.

Apple need to fix this i think.

OS X warns you before you launch the script as it was downloaded from the internet.

If it asked you for the password AFTER you already agreed to launching it, it would be fairly pointless a you'd be just as willing to type it in. Plus then you start getting into Vista territory.

You will be asked to delete apps if you run as a regular user - that's the risk of being logged in as an admin all the time.
Restoring the applications is just a matter of dragging them back out of the trash.

If the script wanted to do something really malicious to your system files, it would have to ask you for a password.

 

[MacArab]

That's a relief. I deleted the link anyway.

Looks like a harmless prank ,, but its worrying as a social engineering tool ,,

 

[The Vindicat3d]

how do i remove the download ??

Doesn't do much but maybe its just best the pros look at it, not sure who exactly to send it to to study it.

No one needs to study it just put it in the trash it's just some automator script that anyone who can use automator could make.