Dubbed Revir.A, the Trojan poses as a PDF file. Masking an executable as a document is a well-known trick.
When run, Revir.A does display a PDF. According to Sophos, the Chinese-language document is about the Diaoyu/Senkaku Islands, which are the subject of a territorial dispute between China and Japan.
Revir.A also downloads a backdoor (Imuler.A), which Intego says can take screenshots and send them to a remote server, as well as perform other unspecified actions. F-Secure reports that while the command and control server is online, it is not yet capable of communicating with the backdoor.
Once the wrinkles have been ironed out, the Trojan could be distributed in a number of ways, including email (perhaps with the contents of the PDF customised to attract the group being targeted by any particular batch).
"We consider the threat to be very low," said Intego officials. Still, it's one more thing to watch out for. Major anti-malware products have been updated to provide protection against Revir.A and Imuler.A.
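The executable-posing-as-a-document trick can be checked for by comparing what a file name advertises with what the file's first bytes actually are. The following is an added example, not code from the article or from any of the vendors it cites, and it does not reproduce how their products detect Revir.A. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Magic numbers of executable formats; a document never starts with these.
EXEC_MAGICS = {
    b"\xfe\xed\xfa\xce": "mach-o", b"\xce\xfa\xed\xfe": "mach-o",  # 32-bit
    b"\xfe\xed\xfa\xcf": "mach-o", b"\xcf\xfa\xed\xfe": "mach-o",  # 64-bit
    b"\xca\xfe\xba\xbe": "mach-o-fat",  # universal binary (also Java class)
    b"\x7fELF": "elf",
}
DOC_EXTS = {"pdf", "doc", "docx", "rtf", "txt", "jpg", "png"}  # assumed list

def sniff(header: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if header[:4] in EXEC_MAGICS:
        return EXEC_MAGICS[header[:4]]
    if header[:2] == b"MZ":
        return "pe"
    if b"%PDF-" in header[:1024]:  # readers accept the marker near the start
        return "pdf"
    return "unknown"

def claimed_doc_type(name: str):
    """Document extension a name advertises, e.g. 'a.pdf.app' -> 'pdf'."""
    parts = name.lower().rstrip(" .").split(".")[1:]
    return next((p.strip() for p in parts if p.strip() in DOC_EXTS), None)

def is_masquerade(path: str) -> bool:
    """True when the name advertises a document but the content is executable."""
    actual = sniff(Path(path).read_bytes()[:1024])
    claimed = claimed_doc_type(os.path.basename(path))
    return claimed is not None and actual not in ("pdf", "unknown")

def demo() -> dict:
    """Run the check over constructed sample files (not real malware)."""
    samples = {
        "islands.pdf": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,  # Mach-O header bytes
        "report.pdf": b"%PDF-1.4\n%constructed sample\n",   # genuine PDF marker
        "updater": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,      # honest executable
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return {name: is_masquerade(os.path.join(tmp, name)) for name in samples}

if __name__ == "__main__":
    print(demo())
```

Only the first sample is flagged: the honest executable makes no document claim, and the real PDF matches its name.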