New Mac OS X trojan poses as malicious PDF file

Security researchers from Sophos and F-Secure have spotted a currently circulating Mac OS X trojan.

Trojan-Dropper:OSX/Revir.A disguises itself as a malicious PDF file in order to spread. When users attempt to open the Chinese-language PDF file, it installs an additional backdoor, dubbed Imuler.A, which would give malicious hackers remote access to your Apple Mac computer:

"The malware then proceeds to install a backdoor, Backdoor:OSX/Imuler.A, in the background. As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet. The domain was registered on March 21, 2011 and was last updated on May 21, 2011.

Since this malware sample was received from VirusTotal, we cannot exactly be sure about the method it uses to spread. The most probable way is sending via e-mail attachment. The author could be just testing the water to see if the sample is detected by different AV vendors."

Users are advised to avoid interacting with suspicious files, or follow the mitigation advice offered here.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

13 comments
  • Linux is safe

    only mac and windoze are affected.
    The Linux Geek
    • RE: New Mac OS X trojan poses as malicious PDF file

      @The Linux Geek Safe from this particular Trojan maybe, open to everything else still. And the funny thing is, they don't bring up Windows being at all affected by it in this article. So you keep on hating.
      Bates_
      • He is trolling

        @Bates_

        Please don't feed him.
        honeymonster
    • RE: New Mac OS X trojan poses as malicious PDF file

      Though I've never tried Linux or any Unix-based OS, in my opinion, this is a shining example of how Mac computers are inefficiently insecure when it comes to viruses. Also it is not a matter of OS vs OS as people tend to believe most of the time. It's not that cut and dry. It also depends on your scale of knowledge of the OS and the best settings, whether it be security, or remotely related to security issues, and even knowing what best protection there is out there. Plus that, and people tend to think McAfee or Norton alone are going to ward off viruses. They're not the best protection out there. I love either Bitdefender Free or Avira Free, along with Malware Fighter and Threatfire to top it off. Plus RUBotted and BDUSB Immunizer. And just for the record, I'm not saying to get more than 1 conventional traditional, standalone AV. That creates issues. What I mean is supplementary non-standalone protection, which is what Malware Fighter and Threatfire, RUBotted, and BDUSB Immunizer are. Also for the record, Iobit's download server port did get infected with a trojan, but it's cleaned up now for the most part, and ASC and Malware Fighter are a great team and work perfectly, especially together, along with SmartDefrag, and ASC's SmartRAM, and the TurboBoost. Also Opera is a great browser both in security, and any security issues have been fixed since arisen for the record, and very fast/efficient, and has a lot of features.

      That's my opinion anyway. No way is the wrong way.
      imanerd11
    • RE: New Mac OS X trojan poses as malicious PDF file

      Also Bates_ has a great point. Nowhere does it say in this article that Windows is reported to have been infected. That's not to say Windows doesn't have its own set of issues - EVERY OS does, but Windows is by far the best OS I've ever used, and I still use Windows 7 after having used an old homemade computer with XP for about 15 years.
      imanerd11
  • You forgot to include the screenshot of the

    Credentials dialog that pops up at the same time stating: "Installer requires your password to continue."
    baggins_z
    • RE: New Mac OS X trojan poses as malicious PDF file

      @baggins_z

      According to the full write-up from Magmatic, the credentials dialog may or may not show up:

      "It is important to realize that a developer can bypass the need for the user to enter the Administrator Password when creating an installer Package."
      UrNotPayingAttention
      • Only if files are installed in the user-writeable areas...

        Only if files are installed in the user-writeable areas, which means not any system areas or even the Applications folder. The same goes for Linux.
        olePigeon
      • RE: New Mac OS X trojan poses as malicious PDF file

        @olePigeon "Only if files are installed in the user-writeable areas"

        Exactly, and that will prevent it from running on your computer in what way? :|
        MrElectrifyer
  • RE: New Mac OS X trojan poses as malicious PDF file

    Wait, are you *really* saying this trojan poses as a MALICIOUS pdf? Why would someone deliberately open a malicious pdf in the first place? Don't you mean it poses as an "ordinary" pdf?
    bmgoodman
    • RE: New Mac OS X trojan poses as malicious PDF file

      @bmgoodman
      I was about to make the same point, glad someone else is paying attention.
      hectorj102
  • RE: New Mac OS X trojan poses as malicious PDF file

    As usual it's a trojan which requires user intervention. Unlike viruses which only affect Windows...
    shellcodes_coder
  • Would that be the malware...

    that was dealt with as described here: http://www.appleinsider.com/articles/11/09/26/apple_erases_emerging_mac_os_x_trojan_via_malware_definition_update.html
    msalzberg