Intego Warns of 'NetWeird' Mac Malware


Intego researchers recently came across a new backdoor called OSX/NetWeirdRC, which is being sold online for as little as $60.

"NetWeird was uncovered targeting the Apple Mac operating system earlier in August," writes Alastair Stevenson. "It works by installing itself into the user's home directory as an application bundle called"

"In testing, it was found that this malware is not persistent -- perhaps due to a bug, it does not restart after a reboot, and will lie dormant unless it is manually restarted or removed," writes Intego's Lysa Myers.

"It adds itself to your login items, presumably with the intention of loading up every time you reboot your Mac. But a bug means that it adds itself as a folder, not an application," writes Sophos' Paul Ducklin. "All that happens when you log back in is that Finder pops up and displays your home directory."

"Even better, Mountain Lion’s default security settings prevent this particular piece of malware from even being installed," writes WebProNews' Zach Walton. "The latest version of Mac OS X will prevent any software not from the app store or a verified developer from being installed."

"In another light, NetWeird simply represents criminals trying to out-scam each other," writes InformationWeek's Mathew J. Schwartz. "Just as scammers use scareware to socially engineer consumers into paying for products that pretend to rid their PCs of viruses they don't have, some malware developers are now selling bargain-rate, busted Mac botnet toolkits to unsuspecting buyers. 'It would seem that you get what you pay for, even in the malware world,' said Myers."