Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Malware

New Mac OS X trojan poses as malicious PDF file

Summary: Security researchers from Sophos and F-Secure have spotted a currently circulating Mac OS X trojan.

Dancho Danchev

By for Zero Day |

Security researchers from Sophos and F-Secure have spotted a currently circulating Mac OS X trojan.

Trojan-Dropper:OSX/Revir.A disguises as a malicious PDF file for spreading purposes. When users attempt to open the Chinese-language PDF file, it installs additional backdoor dubbed Imuler.A, which would give malicious hackers remote access to your Apple Mac computer:

"The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background. As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet. The domain was registered on March 21, 2011 and was last updated on May 21, 2011.

Since this malware sample was received from VirusTotal, we cannot exactly be sure about the method it uses to spread. The most probable way is sending via e-mail attachment. The author could be just testing the water to see if the sample is detected by different AV vendors."

Users are advised to avoid interacting with suspicious files, or follow the mitigation advice offered here.

Topics: Malware, Apple, Hardware, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion

  • Linux is safe

    only mac and windoze are affected.
    The Linux Geek
    Reply Vote

    • RE: New Mac OS X trojan poses as malicious PDF file

      @The Linux Geek Safe from this particular Trojan maybe, open to everything else still. And the funny thing is, they don't bring up Windows being at all affected by it in this article. So you keep on hating.
      Bates_
      Reply Vote

      • He is trolling

        @Bates_

        Please don't feed him.
        honeymonster
        Reply Vote

    • RE: New Mac OS X trojan poses as malicious PDF file

      Though I've never tried Linux or any Unix-based OS, in my opinion, this is a shining example of how Mac computers are inefficiently insecure when it comes to viruses. Also it is not a matter of OS vs OS as people tend to believe most of the time. It's not that cut and dry. It also depends on your scale of knowledge of the OS and the best settings, whether it be security, or remotely related to security issues, and even knowing what best protection there is out there. Plus that, and people tend to think McAfee or Norton alone are going to ward off viruses. They're not the best protection out there. I love either Bitdefender Free or Avira Free, along with malware fighter and Threatfire to top it off. Plus RUBotted and BDUSB Immunizer. And just for the record, i'm not saying to get more than 1 conventional traditional, standalone AV. That creates issues. What I mean is supplementary non-standalone Protection which is what Malware fighter and Threatfire, RUBotted, and BDUSB immunizer are. Also for the record, Iobit's download server port did get infected with a trojan, but it's cleaned up now for the most part, and ASC and Malware Fighter are a great team and work perfectly, especially together, along with SmartDefrag, and ASC's SmartRAM, and the TurboBoost. Also Opera is a great browser both in security, and any security issues have been fixed since arisen for the record, and very fast/efficient, and has alot of features.

      That's my opinion anyway. No way is the wrong way.
      imanerd11
      Reply Vote

    • RE: New Mac OS X trojan poses as malicious PDF file

      Also Bates_ has a great point. Nowhere does it say in this article that Windows is reported to have been infected. That's not to say Windows doesn't have its own set of issues - EVERY OS does, but Windows is by far the best OS I've ever used, and I still use windows 7 after having used an old homemade computer with xp for about 15 years.
      imanerd11
      Reply Vote

  • You forgot to include the screenshot of the

    Credential's dialog that pops up at the same time stating: "Installer requires your password to continue."
    baggins_z
    Reply Vote

    • RE: New Mac OS X trojan poses as malicious PDF file

      @baggins_z

      According to the full write-up from Magmatic, the credentials dialog may or may not show up:

      [i]"It is important to realize that a developer can bypass the need for the user to enter the Administrator Password when creating an installer Package."[/i]
      UrNotPayingAttention
      Reply Vote

      • Only if files are installed in the user-writeable areas...

        Only if files are installed in the user-writeable areas, which means not any system areas or even the Applications folder. The same goes for Linux.
        olePigeon
        Reply Vote

      • RE: New Mac OS X trojan poses as malicious PDF file

        @olePigeon <i>"Only if files are installed in the user-writeable areas"</i>

        Exactly, and that will prevent it from running on your computer in what way? :|
        MrElectrifyer
        Reply Vote

  • RE: New Mac OS X trojan poses as malicious PDF file

    Wait, are you *really* saying this trojan poses as a MALICIOUS pdf? Why would someone deliberately open a malicious pdf in the first place? Don't you mean it poses as an "ordinary" pdf?
    bmgoodman
    Reply Vote

    • RE: New Mac OS X trojan poses as malicious PDF file

      @bmgoodman
      I was about to make the same point, glad someone else is paying attention.
      hectorj102
      Reply Vote

  • RE: New Mac OS X trojan poses as malicious PDF file

    As usual it's a trojan which requires user intervention. Unlike viruses which only affect Windows...
    shellcodes_coder
    Reply Vote

  • Would that be the malware...

    that was dealt with as described here: http://www.appleinsider.com/articles/11/09/26/apple_erases_emerging_mac_os_x_trojan_via_malware_definition_update.html
    msalzberg
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close