New OS X Malware doing the Rounds

Written by Editor

Tuesday, 25 November 2008 18:02
It seems that there could be a new piece of malware doing the rounds that is specifically targeting OS X users.
The malicious code is believed to have been written by the same author responsible for the DNSChanger family of OS X malware. Although it is said to have many similarities, this new malware does not target DNS settings, but rather tries to download and execute additional malicious code.
The author is distributing the malware using the tried and tested ‘codec scam’, where the user is tricked into installing a video codec that they neither need nor want. When executed, the downloaded code runs various scripts and pulls down other malware to compromise the OS X machine.
The malware is known as OSX/Jahlav.A. The installer is labelled as MacAccess, claims to fix a ‘Video ActiveX Object Error’ and is delivered as a handy .dmg file. Assuming Safari is set to open ‘safe’ files, the .dmg will open and mount once downloaded and start the infection process.
Within the Trojaned installer there are two malicious executables that are dropped into the location ‘/Library/Internet Plug-Ins’, with a cron job set up to ensure that they get executed.
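A defensive check for the persistence described above, as an added example that is not part of the original article: it flags cron entries that reference the Internet Plug-Ins directory, which holds browser plug-ins and has no ordinary reason to appear in a crontab. The function names and the sample crontab are constructed for illustration; the article does not name the dropped files, so the file names below are placeholders.

```shell
#!/bin/sh
# Added example: find cron entries that point into "Internet Plug-Ins".

# Reads crontab text on stdin, prints every active entry that references the
# plug-in directory, and returns 0 if at least one was found (1 otherwise).
flag_plugin_cron() {
    awk '
        /^[ \t]*(#|$)/ { next }        # skip comment lines and blank lines
        {
            line = tolower($0)         # default OS X volumes ignore case
            gsub(/\\/, "", line)       # "Internet\ Plug-Ins" -> "Internet Plug-Ins"
            if (index(line, "/library/internet plug-ins/")) { print; hits++ }
        }
        END { exit(hits ? 0 : 1) }
    '
}

# Checks the current user crontab and the system crontab on this machine.
# Returns 0 if any suspicious entry was printed.
scan_host() {
    found=1
    crontab -l 2>/dev/null | flag_plugin_cron && found=0
    [ -r /etc/crontab ] && flag_plugin_cron < /etc/crontab && found=0
    return $found
}

# Constructed sample crontab (not taken from an infected host).
SAMPLE_CRONTAB='# constructed sample for the check above
MAILTO=""
15 3 * * * /usr/sbin/periodic daily
* */5 * * * "/Library/Internet Plug-Ins/example-binary" 1>/dev/null 2>&1
@reboot /library/internet\ plug-ins/other-example
# 0 * * * * /Library/Internet Plug-Ins/disabled-entry
0 * * * * /usr/bin/true'

# Demonstration on the sample: prints the two entries that reference the directory.
printf '%s\n' "$SAMPLE_CRONTAB" | flag_plugin_cron
```

Run `scan_host` as each user, and as root, to cover every crontab on the machine; any entry it prints should be investigated along with the file it points to.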
Although written by the DNSChanger author, this bit of malware doesn’t alter the DNS settings of the OS X machine, but installs a backdoor component that is designed to allow the download and installation of other malware components. The malware also gathers some information from the compromised system and sends it back to the download server.
If you are an OS X user, we recommend that you make sure any antivirus you have installed is up to date and that the vendor has signatures for this piece of malware.

Last Updated ( Tuesday, 25 November 2008 18:04 )