Another threat relying on the ol' 'Check-The-Box-To-Install-Malware' vector:
 | | |
| Quote: TrendMicro is reporting on a newly discovered 4th member of the OSX_JAHLAV malware family. The latest variant is once again relying on social engineering, this time spreading under a QuickTime Player update (QuickTimeUpdate.dmg) with a DNS changer component enabling the malware authors to redirect and monitor the traffic of the victim. More info on OSX_JAHLAV.D: The Trojan contains component files detected as UNIX_JAHLAV.D and obfuscated scripts detected as PERL_JAHLAV.F. The Perl script then downloads a file from a malicious site and stores it as /tmp/{random 3 numbers}, detected as UNIX_DNSCHAN.AA, which allows a malicious user to monitor the affected user’s activities. This may also cause the user to be redirected to phishing sites or sites where other malware may be downloaded from. | |
| | |
Source