New Mac OS X trojan poses as malicious PDF file

Summary:Security researchers from Sophos and F-Secure have spotted a currently circulating Mac OS X trojan.

Security researchers from Sophos and F-Secure have spotted a currently circulating Mac OS X trojan.

Trojan-Dropper:OSX/Revir.A disguises as a malicious PDF file for spreading purposes. When users attempt to open the Chinese-language PDF file, it installs additional backdoor dubbed Imuler.A, which would give malicious hackers remote access to your Apple Mac computer:

"The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background. As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet. The domain was registered on March 21, 2011 and was last updated on May 21, 2011.

Since this malware sample was received from VirusTotal, we cannot exactly be sure about the method it uses to spread. The most probable way is sending via e-mail attachment. The author could be just testing the water to see if the sample is detected by different AV vendors."

Users are advised to avoid interacting with suspicious files, or follow the mitigation advice offered here.

Topics: Malware, Apple, Hardware, Operating Systems, Security, Software

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.