New trojan that hijacks your Mac’s DNS spotted in the wild
A trojan disguising itself as a QuickTime player update has been identified in the wild. The trojan is related to similar previous trojans that disguised themselves as a media player of some sort. However, this new version specifically attempts to hijack DNS requests, sending unsuspecting users to any website the trojan authors wish.
The latest version of this trojan, dubbed OSX_JAHLAV.D by Trend Micro, comes from a number of websites like comandtryx.com, simplexdoom.com, and sinisteer.com, all of which originate from a server with the IP address 91.214.45.73. When clicking to play the videos on these sites (I can only assume it promises to be TEH BESTEST PR0N EVAR!!!), you’ll be prompted to install a QuickTime update or plug-in. If you agree, a file called QuickTimeUpdate.dmg will be downloaded.
