A spyware application Intego calls OSX/OpinionSpy is being spread as part of the installation process for a number of screensavers and other apps.
According to Intego, the user is required to install the program, which is claimed to be a market research utility, as part of the installation process for a number of screensavers and at least one other application made freely available and obtainable from legitimate sites including MacUpdate, VersionTracker and Softpedia. Intego originally posted the names of some screensavers and an application that downloaded the spyware app, but that post seems to have been removed, so I’ve removed the information I originally quoted here, at least until I’m able to find out why it was removed. (Thanks to Alex, who pointed out that the link I’ve removed no longer works.)
The programs that download it are not in themselves detected as malicious. However, it sounds to me as if they might be candidates for detection in their own right as malware downloaders, especially as in some instances the user is not aware that the “utility” is required until the “innocent” program is being installed.
This item has just been posted at Mac Virus, as more people are likely to look for Mac malware information there.
David Harley FBCS CITP CISSP
Research Fellow & Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/