OS X users must beware of the new threats that might soon emerge

Sep 23, 2011 11:24 GMT

Trojans masquerading as PDF files will probably hit Apple platforms sometime soon, as some mockups have already been discovered, presenting a real threat to Mac users everywhere.

F-Secure brings to our attention that a malware sample received from VirusTotal might be deployed in the near future after being tested by its creators.

Detected as Trojan-Dropper:OSX/Revir.A, the malware appears to do no actual damage so far, which is why the researchers believe that whoever made it might have just released it into the wild to see if it's detected by anti-virus applications.

Hiding under a filename with the extension .pdf.exe, it tries to fool the user into believing that it's an actual PDF. Because OS X handles files differently than Windows does, hackers could assign the file any extension or icon they desire, as this information is stored separately in Mac products.
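A defender can check for this kind of mismatch between a file's name and its content. The following is an added example, not code from F-Secure or from the article: it flags document-style names that end in an executable extension or whose first bytes are a native executable header. The extension lists are illustrative assumptions; the magic values are the standard Mach-O, universal binary and PE headers.

```python
import os

# Leading bytes of native executables as they appear on disk.
EXEC_MAGIC = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal (or Java class)",
    b"MZ": "Windows PE",
}
# Illustrative extension lists (assumptions, not taken from the article).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".command"}


def check(name, head):
    """Return findings for a file name and its first bytes."""
    findings = []
    stem, last = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]
    if inner in DOC_EXTS and last in EXEC_EXTS:
        findings.append(f"double extension {inner}{last}")
    kind = next((v for k, v in EXEC_MAGIC.items() if head.startswith(k)), None)
    if kind and (last in DOC_EXTS or inner in DOC_EXTS):
        findings.append(f"document-style name but content is {kind}")
    if last == ".pdf" and not kind and not head.startswith(b"%PDF-"):
        findings.append("named .pdf but no %PDF- header")
    return findings


def scan(root):
    """Walk root and map each suspicious path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            found = check(fn, head)
            if found:
                report[path] = found
    return report
```

Calling `scan()` on a downloads or mail-attachment directory returns a dictionary of suspicious paths and the reasons each one was flagged.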

To convince people that it is an actual document, upon execution a real document is opened. Meanwhile, Backdoor:OSX/Imuler.A is downloaded and installed in the background to open a backdoor that will give the attackers further access to the infected system.

The download process is handled by Trojan-Downloader:OSX/Revir.A, which makes sure that the rest of the malicious components are placed in strategic locations on the device's storage unit.

The blog that announced the new threat reveals that currently “the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet. The domain was registered on 21 March 2011 and was last updated on 21 May 2011.”

As OS X systems become more popular, cybercriminals try to keep up with the trend. These specific threats were easily detected, but if you want to make sure you'll be properly protected against such attacks, you should always have an up-to-date virus definition database.