A new Trojan horse that not only affects Windows, but Mac OS X as well, has appeared on social networking sites (including Facebook), primarily disguised as a video. When users click an infected link along the lines of “Is this you in this video?”, a Java applet downloads multiple files, including an installer that runs automatically without the user’s knowledge. The malware also bypasses the usual password verification OS X requires for installation.

Dubbed trojan.osx.boonana.a by SecureMac, it launches automatically on startup, communicates with command and control servers, and can also crack user accounts on other sites to continue infecting others. The security firm notes that it can spread itself to both Mac OS X and Windows,