Researchers from Intego have uncovered spyware being distributed with numerous free screensavers and applications for Mac OS X.
According to Intego, the spyware, detected as OSX/OpinionSpy, records user activity and opens a backdoor on infected systems. The malware is installed by a number of applications and screensavers distributed on sites such as MacUpdate, VersionTracker and Softpedia. While the spyware itself is not contained in these applications, it is downloaded during the installation process, the company noted.
“The information provided with some of these applications contains a misleading text that users must accept explaining that a ‘market research’ program is installed with them, but not all of these specify this,” Intego said in a June 1 advisory. “Some of these programs are also distributed directly from developers’ web sites with no such warning.”
The malware, a version of which has existed for Windows since 2008, claims to collect browsing and purchasing information used in market reports but in fact goes much further-a fact that led Intego to classify it as spyware.
In addition to the actions mentioned above, Intego warned that OSX/OpinionSpy also analyzes packets entering and leaving the infected Mac over the local network, injects code into Safari, Firefox and iChat, and copies personal data from these applications without user intervention.
“Users have no way of knowing exactly what data is collected and sent to remote servers; such data may include user names, passwords, credit card numbers and more,” Intego warned. “The risk of this data being collected and used without users’ permission makes this spyware particularly dangerous to users’ privacy.”