Mac Trojan poses as PDF

Stephen Withers
Monday, 26 September 2011 09:04

Business IT - Security

Security companies are warning of the arrival of a new Mac Trojan - dubbed Revir - that poses as a PDF file.

Multiple security companies are warning that they have received samples of a new Mac Trojan. It seems that the Trojan has yet to be seen in the wild.

Dubbed Revir.A, the Trojan poses as a PDF file. Masking an executable as a document is a well-known trick.

When run, Revir.A does display a PDF. According to Sophos, the Chinese-language document is about the Diaoyu/Senkaku Islands, which are the subject of a territorial dispute between China and Japan.

Revir.A also downloads a backdoor (Imuler.A) which Intego says can take screenshots and send them to a remote server, as well as performing other unspecified actions. F-Secure reports that while the command and control server is online, it is not yet capable of communicating with the backdoor.

Once the wrinkles have been ironed out, the Trojan could be distributed in a number of ways, including email (perhaps with the contents of the PDF customised to attract the group being targeted by any particular batch).

"We consider the threat to be very low," said Intego officials. Still, it's one more thing to watch out for. Major anti-malware products have been updated to provide protection against Revir.A and Imuler.A.