Security researchers have discovered adware which affects OS X and could be used as a doorway for Trojans.
Researchers from Dr Web, a Russian anti-malware company, found a kind of adware, titled Adware.Mac.WeDownload.1, with a modified version of Adobe Flash player. The adware was discovered on a wedownload.com domain
When the program is launched, Adware.Mac.WeDownload.1 asks the user for administrator privileges to install Flash Player, allowing it a great deal of control over the user's system.
It then sends requests to three command and control servers to get data for the application window. If the adware gets a response, it sends the servers a POST request with the downloaders data.
When this is done Adware.Mac.WeDownload.1 will receive programs that may include malware. Dr Web lists these as including Program.Unwanted.MacKeeper, Mac.Trojan.Crossrider, Mac.Trojan.Genieo, Mac.BackDoor.OpinionSpy, various Trojans belonging to the Trojan.Conduit family and others.
According to Softpedia, a tech news outlet, “the type of applications a victim receives to install depends on their geographical coordinates, which is a twist in regular adware strategy, which usually tries to achieve a quota of installations before moving to the next malicious app in its queue”