New Mac OS X trojan poses as malicious PDF file

Security researchers from Sophos and F-Secure have spotted a currently circulating Mac OS X trojan.

Trojan-Dropper:OSX/Revir.A disguises itself as a malicious PDF file in order to spread. When users attempt to open the Chinese-language PDF file, it installs an additional backdoor, dubbed Imuler.A, which would give malicious hackers remote access to your Apple Mac computer:

"The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background. As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet. The domain was registered on March 21, 2011 and was last updated on May 21, 2011.

Since this malware sample was received from VirusTotal, we cannot exactly be sure about the method it uses to spread. The most probable way is sending via e-mail attachment. The author could be just testing the water to see if the sample is detected by different AV vendors."

Users are advised to avoid interacting with suspicious files, or follow the mitigation advice offered here.
