New Mac trojan found hidden in PDF file
Summary: A newly discovered Mac trojan disguises itself as a PDF to trick users into opening it, which installs an Apache server on your Mac. Luckily it hasn't been weaponized. Yet.
Just when you thought that it was safe to start using your Mac again comes a report that a new trojan posing as a PDF may be targeting Mac users.
Fellow ZDNet blogger Ryan Naraine brings the news, via his Zero Day blog, that the malware, Trojan-Dropper:OSX/Revir.A, "installs downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user."
Lovely.
F-Secure notes that the malware disguises itself as an Adobe Acrobat (PDF) file in an effort to trick users into opening it, which, of course, triggers its payload. It even opens a bogus Chinese-language PDF in order to deceive the user and avoid detection. The payload, Backdoor:OSX/Imuler.A according to F-Secure, then runs in the background.
The good news, I suppose, is that Revir.A is fairly innocuous at this point. The payload is a bare Apache installation that is "not capable of communicating with the backdoor yet." The going theory is that the author may have leaked it to see if any of the antivirus detectors picked it up. Luckily, someone did.
It's important for Apple to act swiftly on this one. From the looks of things, Revir.A probably wouldn't be too hard to weaponize, and we're not sure how many people might already have the source code.
Apple: you're on the clock.
MD5 hashes for the samples:
• Trojan-Dropper:OSX/Revir.A: fe4aefe0a416192a1a6916f8fc1ce484
• Trojan-Downloader:OSX/Revir.A: dfda0ddd62ac6089c6a35ed144ab528e
• Backdoor:OSX/Imuler.A: 22b1af87dc75a69804bcfe3f230d8c9d
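A defender-side check for the disguise described above, added here as an example and not taken from the article, F-Secure or Apple: it flags files whose name contains ".pdf" but whose content is a Mach-O executable or lacks a PDF header, and matches files against the MD5 values listed above. The function names and sample files are constructed for illustration, and the file-name heuristic is an assumption, since the article does not say how the sample was named.

```python
import hashlib
import tempfile
from pathlib import Path

# MD5 values exactly as listed in the article above.
KNOWN_MD5 = {
    "fe4aefe0a416192a1a6916f8fc1ce484": "Trojan-Dropper:OSX/Revir.A",
    "dfda0ddd62ac6089c6a35ed144ab528e": "Trojan-Downloader:OSX/Revir.A",
    "22b1af87dc75a69804bcfe3f230d8c9d": "Backdoor:OSX/Imuler.A",
}
# Mach-O (32/64-bit, both byte orders) and universal-binary magic numbers.
MACHO_MAGIC = {bytes.fromhex(m) for m in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}

def classify(path):
    """Return a verdict string for one file (reads it whole; fine for documents)."""
    data = Path(path).read_bytes()
    digest = hashlib.md5(data).hexdigest()
    head = data[:1024]
    if digest in KNOWN_MD5:
        return "known sample: " + KNOWN_MD5[digest]
    if ".pdf" not in Path(path).name.lower():
        return "not checked"
    if head[:4] in MACHO_MAGIC:
        return "executable named as PDF"
    # PDF readers accept the %PDF- marker anywhere in the first 1024 bytes.
    if b"%PDF-" not in head:
        return "PDF name without PDF header"
    return "ok"

def scan(root):
    """Walk root and return {relative path: verdict} for every flagged file."""
    hits = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and (v := classify(p)) not in ("ok", "not checked"):
            hits[str(p.relative_to(root))] = v
    return hits

def demo():
    """Scan constructed sample files (harmless bytes, not real malware)."""
    samples = {
        "report.pdf": b"%PDF-1.4\n%constructed sample\n",
        "invoice.pdf": bytes.fromhex("cffaedfe") + b"\0" * 28,
        "notes.pdf": b"#!/bin/sh\necho constructed\n",
        "readme.txt": b"plain text\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan(root)
```

Calling scan() on a downloads or mail-attachment folder returns only the flagged files. MD5 is used here solely because those are the values the article publishes.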

Talkback
Poor headline: No, not hidden in PDF
RE: New Mac trojan found hidden in PDF file
Will this ever be as big as the PC infestation over the years? Not likely because the PC Infestation also brought about fundamental changes in the way security is handled and this stuff has been implemented in pretty much every modern OS.
Is this a sign of the future? Sure is, but to what degree is really anyone's guess.
RE: New Mac trojan found hidden in PDF file
So, for all those iPad users who seem to think they can not have a security issue - they really need to get updated. AND, in fact, I hold that is true of ALL tablet users, regardless of OS - they have become an attractive target, especially because so many ignorant users have no real clues.
RE: New Mac trojan found hidden in PDF file
It's the PR equivalent of "measure twice, cut once".
Yes, this can look like inaction before the resolution.
RE: New Mac trojan found hidden in PDF file
Actually, I was being serious. The fact that Apple danced around the Mac Guard and Mac Defender Trojans for the longest time, even going as far as to deny the whole situation - straight up to the consumer, was very concerning.
RE: New Mac trojan found hidden in PDF file
Apple has already updated the XProtect.plist.
RE: New Mac trojan found hidden in PDF file
Give me a break.
Kent
RE: New Mac trojan found hidden in PDF file
Give me a break.