How-To Geek

New Trojan Attacks Mac OS X Using Java and Facebook

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

Looks like Apple’s unearned security reputation is going to take a hit with this new trojan attacking Mac machines.

The Trojan, dubbed trojan.osx.boonana.a by security firm SecureMac, appears as a message on social networking sites such as Facebook that reads, “Is this you in this video?” When the user clicks the link, a Java applet runs, allowing the system to download several files and install a program that can bypass the usual password verification OS X requires for installation.

It actually affects Windows machines as well—a cross-platform vulnerability…

New Java trojan attacks Mac OS X via social networking sites [ArsTechnica]

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 10/28/10

Comments (16)

  1. Aethec

    And that’s why people shouldn’t install Java for the sake of installing Java, but only if they really need it…

  2. Jason

    I don’t agree with your comment. Yes that would protect windows users if they only installed java if they needed it. But OSX comes with Java installed by default (at least for the time being) how do you propose protecting from that?

  3. asdf-chan

    You are both wrong, the browser plugin should be disabled so java would not be executed. There is nothing wrong with java. It’s the same shit as for flash: don’t use it and you might not get information you want, use it and you might get your system fu**ed up.

  4. WhatTheHeck

    MACs with a virus? NOT POSSIBLE?

  5. Camilo Martin

    Disabling Java and Flash? Oh, yeah, and don’t forget to disable that dangerous Javascript thing too… Oh, let’s just browse in Lynx, that’ll be secure. Wait, what if there’s a bug in Lynx too? Ah, I know. I’ll download the web pages with wget, go offline and browse from disk. Better turn off the modem just to be sure. But hey, who knows what can be in that firmware… better unplug the antenna… hey, I need a screwdriver here…

  6. asdf-chan

    @Camilo Martin


  7. Thoughtful

    This is clearly a hoax, Macs don’t get viruses

  8. derp

    Thoughtful is clearly a troll

  9. Hatryst

    Simple solution. Stop using Java and facebook :D Your life won’t be crippled, guaranteed…

  10. Deathlock1984

    You are all wrong,

    get a VM and dumb your Mac. ( cause PC > MAC.

  11. Cradelikz

    As long as Mac start to become mainstream as we start to see, we will see this cross platform viruses.

    User base matters and we need to make user-wise decisions.
    Obviously most people from this site will never fall on a trick like that one but what about newbies and people so casual they don’t care?

    Mac’s are not flawless, they are used by humans…

  12. at0mic

    first windows7 puts apple back were it was 10 years ago and now a virus? what will chris pirillo do? lockergnome is doomed! i guess he could show more vacation clips…

  13. matteog

    Mac is safe? a joke

  14. Mayhem

    This is why macs will always be safer than Pcs: they require stupid users to get infected. Don’t open stuff like that and your fine. Its like saying e-mail is unsecure because you mailed the Nigerian prince your life savings.

  15. Kevin

    Okay, first of all, if you all read the damn article right you will see it ask the unsuspecting user “Is that you in that video?” It does not say anything about you need to install Java or this is a Java script. Second, those of you who think Macs are totally safe, are crazy. Any OS can be attacked.

  16. Carlos

    What is really laughable here is the glee that hard-line PC users display every time there is the slightest hint that macs might be vulnerable. What they don’t seem to understand is that firstly, most of us have gravitated to macs from PCs, which means that we probably know more about different operating platforms than they do, both through experience and by comparison. In fact, we often carry the paranoia that was borne out of using windows-compatible computers into mac ownership, subsequently looking over our shoulders for the bad guys out of habit, and that secondly, as a result, most of us are well aware that there is no such thing as an invulnerable OS, however, we ARE now using an operating system which IS safer than Windows – whether they like it or not. As the article suggests, stupid or naive people will click on bad links irrespective of which platform they use. And equally stupid people will apparently continue to devote column inches in order to to tell us things we already know.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!