/>
X

New Mac trojan found hidden in PDF file

A newly discovered Mac vulnerability disguises itself as a PDF to trick users into opening it, which installs an Apache server on your Mac. Luckily it hasn't been weaponized. Yet.
jason-d-ogrady.jpg
Written by Jason D. O'Grady, Contributing Editor on

New Mac trojan found hidden in PDF file - Jason O'Grady

Just when you thought that it was safe to start using your Mac again comes a report that a new PDF vulnerability may be targeting Mac users.

Fellow ZDNet blogger Ryan Naraine brings the news via his Zero Day blog, that the malware, Trojan-Dropper:OSX/Revir.A "installs downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user."

Lovely.

F-Secure notes that the vulnerability disguises itself as an Adobe Acrobat (PDF) file in an effort to trick users into opening it, which of course, triggers its payload. It even opens a bogus Chinese-language PDF in order to deceive the user and avoid detection. The payload, Backdoor:OSX/Imuler.A according to F-Secure, then runs in the background.

The good news, I suppose, is that Revir.A is fairly innocuous at this point. The payload is a bare Apache installation that is "not capable of communicating with the backdoor yet." The going theory is that the author may have leaked it to see if any of the antivirus detectors picked it up. Luckily, someone did.

It's important for Apple to act swiftly on this one. From the looks of things Revir.A probably wouldn't be too hard to weaponize and we're not sure how many people might already have the source code.

Apple: you're on the clock.

MD5 hashes for the samples:

• Trojan-Dropper:OSX/Revir.A: fe4aefe0a416192a1a6916f8fc1ce484 • Trojan-Downloader:OSX/Revir.A: dfda0ddd62ac6089c6a35ed144ab528e • Backdoor:OSX/Imuler.A: 22b1af87dc75a69804bcfe3f230d8c9d

Related

I tried Google's new job interview practice tool and I want to cry
Two mature business people congratulate a young professional.

I tried Google's new job interview practice tool and I want to cry

Google
Delta Air Lines just gave customers something they never believed possible
screen-shot-2022-04-11-at-4-05-44-pm.png

Delta Air Lines just gave customers something they never believed possible

Innovation
Microsoft: Credit card skimmers are switching techniques to hide their attacks
hand holding credit card and wallet by laptop

Microsoft: Credit card skimmers are switching techniques to hide their attacks

Security