Facebook and other social network users need to be aware of this new Trojan OSX.Boonana. Appearing on people’s Facebook pages, the link launches a Java applet that then downloads and runs an installer for the Trojan. To actually install the Trojan on OS X, users will have to enter their password to authorize the installer, something that you should never do if you haven’t run something intentionally yourself. As with all social engineering like this, users could blindly enter their password, thinking it’s for a video. Once on the machine, Boonana runs in the background, reporting back system information and trying to spread itself via the unfortunate user’s email account.
So this sounds like a bad news for Mac users as they need to be careful about where they are providing their password and for what purpose.
Read complete details here:
Cross-platform Boonana Trojan