
Printed from http://www.macnn.com

Mac Trojan may funnel files, screenshots to distant servers

updated 01:15 pm EDT, Fri September 23, 2011

Malware currently just minor threat

A newly-detailed Trojan attack is being directed at Macs, say security firms F-Secure and Sophos. Originally spotted in late July, the Trojan relies on two pieces of malware. The first is a downloader identified as "Trojan-Dropper:OSX/Revir.A," which not only retrieves the second piece of software but repeatedly opens a Chinese PDF document -- trojan.pdf -- said to contain offensive political statements. The real purpose of the document is thought to be distracting a person while the second app is downloaded.

Nicknamed "BackDoor:OSX/Imuler.A," the second half of the Trojan configures a launch agent that keeps the malware active, and then connects to a remote server, feeding it a victim's computer username and MAC address. The server can reportedly instruct a besieged system to archive files and upload them, or else capture screenshots for upload. F-Secure comments that Imuler.A currently seems to be working badly or not at all, since it isn't receiving instructions; the company warns, though, that the server may simply be in a testing phase, and could later become fully functional.

Both Sophos and F-Secure have produced updated definitions for their antivirus scanners that should cope with the Trojan. Apple has yet to push out new definitions for Lion and Snow Leopard, but the malware is said to be relatively easy to stop manually. People must first stop a process called "checkvir" in the Activity Monitor, and then delete "checkvir" and "checkfir.plist" files from their /username/Library/LaunchAgents/ directory.
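The manual check described above can be run as an audit before anything is deleted. The script below is an added example, not code from MacNN, F-Secure or Sophos; the function names are hypothetical, the file names are the ones printed in the article, and the extra pass over plist contents rests on the assumption that a launch agent plist names the program it starts.

```shell
# Audit-only check for the file names given in the article.
# Nothing is deleted; findings are printed so they can be reviewed first.
IMULER_NAMES="checkvir checkfir.plist"   # names as printed in the article

# scan_launchagents HOME_DIR
# Prints one line per finding under HOME_DIR/Library/LaunchAgents.
# Returns 0 if anything was found, 1 if the directory is clean or absent.
scan_launchagents() {
    dir="$1/Library/LaunchAgents"
    found=1
    [ -d "$dir" ] || return 1
    for name in $IMULER_NAMES; do
        if [ -e "$dir/$name" ]; then
            echo "named-file: $dir/$name"
            found=0
        fi
    done
    # Assumption: a launch agent plist names the program it starts, so a
    # renamed plist would still mention "checkvir" in its contents.
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        if grep -q "checkvir" "$plist"; then
            echo "references-checkvir: $plist"
            found=0
        fi
    done
    return $found
}

# scan_all_homes USERS_ROOT   (for example /Users on a Mac)
# Prints findings for every home directory; returns 0 if any home had a hit.
scan_all_homes() {
    hits=1
    for home in "$1"/*; do
        [ -d "$home" ] || continue
        if scan_launchagents "$home"; then hits=0; fi
    done
    return $hits
}

# First step of the article's procedure: is a process named "checkvir" running?
checkvir_running() {
    command -v pgrep >/dev/null 2>&1 && pgrep -x checkvir >/dev/null 2>&1
}
```

On a Mac, `scan_all_homes /Users` covers every account; other users' LaunchAgents directories may need elevated privileges to read.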




by MacNN Staff


Comments

  1. dliup

    Joined: Dec 1969

    -5

    non-issue

    Apple will provide a security definition within 24 hours to lock out the trojan.

  1. lysolman

    Joined: Dec 1969

    0

    What in the world

    is an offensive political statement?

  1. testudo

    Joined: Dec 1969

    -14

    Re: non-issue

    Of course it's a non-issue. Every mac 'security hole' is a non-issue. Because a patch will be issued. Or a definition. Or it requires physical access. Or requires the user to do something they shouldn't do.

  1. Grendelmon

    Joined: Dec 1969

    -10

    Non-issue?

    AYFKM? Your responses just keep getting better. Denial.

    SAVE US APPLE!!! OH, THE MESSIAH... SAVE US!!!

  1. dliup

    Joined: Dec 1969

    +5

    @testudo

    Software cannot correct user stupidity. You are a prime example.

  1. rbodgers

    Joined: Dec 1969

    +8

    @testudo

    "Because a patch will be issued. Or a definition. Or it requires physical access. Or requires the user to do something they shouldn't do."

    That same statement is just as valid for Windows. But:

    - not everyone runs their updates timely
    - definitions are not always timely
    - smart people do dumb things ALL THE TIME (especially those of us who should know better)

  1. Evolution_tech

    Joined: Dec 1969

    0

    @testudo

    Another pinhead comment by an ignorant troll.

  1. facebook_William

    Via Facebook

    Joined: Sep 2011

    +1

    Apple XProtect v24 is out

    Adds OSX.Revir.A definition.
    Run sudo /usr/libexec/XProtectUpdater or just reboot if you want to be protected now. XProtectUpdater runs every 24 hours from boot time.

  1. byRyan

    Joined: Dec 1969

    +6

    stealthy naming

    wow - so two of the files involved in this Trojan are named "Trojan"

    Note to self, don't open files labeled TROJAN
