Russian security firm Doctor Web have detected the first fake installer Trojan for Mac OS X, called “Trojan.SMSSend.3666”. Although these fake installers have been around for a long time, they are mainly only detected for Windows users and, more recently, Android.
Fake installers work by launching an interface that is almost, if not completely, identical to the proper application installation wizard. Before a user can start the download, they are asked for their mobile phone number. This is supposedly to generate a code so the installation can be completed but, what it actually does is attaches a regular subscription charge to the users mobile account.
At this point, the installation does not have to complete as they have what they came for. Some do go on to download the legitimate piece of software at this cost to the user, when it is free from the official site of the application provider.
Security has been built-in to Mountain Lion OS X and, provided your settings are “Mac App store and identified developers” then the risks of downloading such malware are minimized but, if you are set to download from “Anywhere” then you take the risk of having Trojans downloaded on to your system.