Showing posts with label mac. Show all posts

Thursday, July 26, 2012

More Information on OSX/Crisis Trojan Released: What Can It DO?

More details about the newly discovered Crisis Trojan targeting Apple users have emerged, and let me just say: OSX/Crisis (aka OSX/Morcut) is jam-packed with some extra creepy functionality.

Functionality


After OSX/Crisis has been successfully installed on a machine, it will inject itself into a number of programs to spy on the infected user’s activity. These applications include popular ones like:

  • Skype

  • MSN Messenger

  • Adium

  • Firefox


In addition to tracking all activity within the programs listed above, OSX/Crisis allows an attacker to monitor and/or control the following operations:

  • Mouse position

  • Location

  • Internal Webcam & Microphone

  • Clipboard Contents

  • Key strokes

  • Running applications

  • Web addresses

  • Screenshots

  • Calendar Data & Alerts

  • Device Information

  • Address Book Contact Information


As you can tell, with OSX/Crisis on your system, you will have no sense of privacy. Everything you do is subject to being recorded – including any audio conversations held via Skype – and all of the data collected by OSX/Crisis will be sent to a remote server controlled by the attackers.

On a side note, Intego Security researchers found sections of the Crisis Trojan’s code that suggest it was part of a commercial malware tool called “Remote Control System” (or RCS) that’s geared towards government surveillance and mainly sold in the US and Europe.

RCS, which was created by a company called HackingTeam, usually carries a hefty price tag of €200,000 ($245,664), leading Intego to believe that it’s likely only being used in targeted attacks.

Dr. Web’s write-up of OSX/Crisis, which they identify as BackDoor.DaVinci.1, appears to draw the same conclusion.

Known Aliases


Although this new Trojan is often referred to as the “Crisis” Trojan, it does have other names:

  • OSX/Morcut (Sophos)

  • BackDoor.DaVinci.1 (Dr. Web)

  • Backdoor:MacOS_X/Flosax.A (Microsoft)


Graham Cluley of Sophos stated that the “Crisis” name is a result of the name appearing within the malware’s code. Instead of adopting the suggested name, Sophos opted to name the Trojan OSX/Morcut.

Dr. Web’s name seems to be derived from the name of the man who started HackingTeam, David Vincenzetti.

Microsoft stated on Facebook that they detect this threat as MacOS_X/Flosax.A.

Detecting & Removing OSX/Crisis


It’s important to note that OSX/Crisis has still NOT been spotted in the wild, so the risk of being infected is relatively low. However, Intego, Sophos and Dr. Web all offer antivirus solutions that are capable of detecting and removing OSX/Crisis should the day come when it is actively being spread.

For more information on OSX/Crisis, including what versions of OS X it runs on, check out my previous post.

[via Intego][via Sophos][via Dr. Web]

Note: This article was updated on 7/30/12 to add Microsoft's alias for OSX/Crisis.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+

Tuesday, April 24, 2012

Flashback RoundUp: Conflicting Infection Reports, More Zombie Macs, & New Variant Spotted

Phew!

A lot has been going on with the whole Flashback (or “Flashfake”) malware fiasco, so I’ll do my best to sum everything up…

Conflicting Reports on # of Macs Infected with Flashback Malware


For a short period of time, it appeared that things were improving as Symantec had reported that the number of Macs infected with Flashback malware had dropped from 600,000+ to 140,000.

Kaspersky Lab also reported a decrease in the number of infections, stating that only 30,000 Macs were still under the influence of Flashback (aka Flashfake) malware.

However, these numbers didn’t match up with the latest report from Dr. Web, which still showed an army of zombie Macs over 500,000 machines strong.

Confused? Good, so was the rest of the world, which led some to question whether or not security firms were attempting to scare users into purchasing antivirus software.

So, what’s with the discrepancy?

Apparently, sinkholes set up by Symantec (and other companies) were receiving only limited infection counts for Flashback.

Dr. Web reported that a server registered at IP address 74.207.249.7 (and controlled by an unidentified third party) would communicate with the infected Macs but never close the TCP connection. This caused bots to switch to ‘standby’ mode as they waited for a reply from the server, preventing them from communicating with other command and control servers (or the sinkholes set up by the various security companies tracking the malware).

That changed the number of infected machines observed by researchers, which ultimately led to the contradicting reports.

Researchers at Intego agreed with Dr. Web’s claims and went on to say that there are likely infected Macs that are not being accounted for and that there was a possibility that more Macs are being infected on a daily basis.

Fueling the fire of uncertainty, Intego also reported that some of the specific domains that Flashback malware attempts to contact resolve to 127.0.0.1 (or localhost), keeping the Mac from reaching the command & control servers and knocking the stats even further off-track.

There’s a New Flashback Variant Out There…


As if that weren’t aggravating enough, Intego also reported yesterday that they’d spotted a new variant of Flashback (Flashback.S) that continues to exploit Java vulnerability CVE-2012-0507, which was patched by Apple around two weeks ago.

Intego warns this latest Flashback variant is actively being distributed in the wild (likely via drive-by-downloads) and does not require a password to be installed.

During installation, Flashback.S will place its files in the user’s home folder, at the following locations:

  • ~/Library/LaunchAgents/com.java.update.plist

  • ~/.jupdate


Once the installation is complete, Flashback deletes all of the files and folders in ~/Library/Caches/Java/cache to remove the applet from the infected Mac and avoid detection or sample recovery.

Protect Yourself from Flashback Malware


If you haven’t done so already, I strongly recommend that you:

  • Apply all of the security updates issued by Apple to remove common variants of Flashback, patch the Java vulnerabilities exploited by the Flashback malware, and disable Java browser plug-ins if they go unused for an extended period of time (Lion only).

  • Consider disabling Java on your machine or toggle Java browser plug-ins as needed.

  • Install antivirus software on your Mac. Sophos offers a free Mac antivirus solution, so you really don’t have an excuse for not doing it.

  • Keep all software up-to-date and be careful of what files you download or websites you visit. Remember, you don’t have to visit a “shady” site to be infected by malware. Cybercriminals often use compromised sites to deliver malware via drive-by-downloads, including Flashback.


What measures are you taking to protect your Mac?

Thursday, April 19, 2012

Researchers say 140,000 Macs still infected with Flashback malware

Despite all of the media coverage, free "detect & destroy" tools offered by multiple antivirus vendors and Apple releasing system updates to both remove the malware and patch the Java vulnerability that helped it infect over half-a-million Macs, Symantec says that there are still over 140,000 OS X machines infected by Flashback.

“The statistics from our sinkhole are showing declining numbers on a daily basis,” Symantec researchers wrote in a Thursday blog post, “However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case.”

Flashback Botnet Size

Symantec researchers stated that the domain name for the botnet’s command & control server changes on a daily basis, and that it’s not limited to using “.com” as the top-level domain: .in, .info, .kz and .net top-level domains are used as well.

Flashback has not gone without upgrades either. Symantec researchers pointed out that Flashback is capable of using Twitter to retrieve updated C&C locations by searching for specific hashtags generated by Flashback.K’s hashtag algorithm. How’s that for being resourceful?

Mac users that have not bothered updating their system with the latest Java updates from Apple should do so immediately.

As we’ve previously mentioned, Flashback isn’t the only piece of malware looking to exploit Java vulnerabilities in order to infect Macs. The Sabpab Trojan also exploits the SE Remote Java Runtime Environment Denial of Service Vulnerability (CVE-2012-0507) in order to infect OS X machines.

Update 4/23 - There have been conflicting reports of how many Macs remain infected by the Flashback Trojan. Researchers over at Intego have discovered that DNS redirection may be playing a role in the conflicting reports. Check out what they have to say.


Friday, April 13, 2012

New Mac Trojan Exploiting Same [Patched] Java Vulnerability as Flashback

This is a perfect example of why it’s important that you keep your system patched and up-to-date regardless of what operating system you use.

Symantec has warned that a new Trojan horse, OSX.Sabpab is hoping to follow the digital footsteps of the Flashback malware by exploiting one of the (patched) Java vulnerabilities (CVE-2012-0507) Flashback used to infect over 600,000 Mac computers.

According to Symantec’s security bulletin, once Sabpab Trojan makes its way onto your system, it will create system files to ensure it loads on system start-up and open a backdoor to grant an attacker remote control over the machine to create new processes, download arbitrary files, take desktop screenshots and upload files to a remote server.

To avoid being hit by this latest threat, Mac users should make sure they’ve installed all of the necessary Apple updates to close the targeted Java security hole.

Considering Java vulnerabilities are often exploited to plant malware on vulnerable machines, users should consider enabling Java browser plug-ins only when needed to protect against drive-by-download attacks, or disabling/uninstalling Java completely if it isn’t needed, which eliminates the threat altogether.

Additionally, it may be beneficial for Mac users to install antivirus software to add an extra layer of protection against malware threats. Sophos offers Mac antivirus for free, so why not give it a shot? Other companies like Intego, ESET and Kaspersky also offer Mac antivirus software, so if you prefer a specific vendor, I recommend checking them out.

Stay safe, Mac users!


Apple Releases its Flashback Removal Tool to Mac Users

Make sure you take a moment to update your computer today, Mac users.

Apple has kept its word and released another Java update, this time to remove the most common variants of the Flashback malware.

Aside from that, Apple’s advisory on the Java update for Lion states that it will "configure the Java web plug-in to disable the automatic execution of Java applets" to help thwart future malware attacks. Lion users will be able to re-enable the feature, however if the Java web plug-in goes unused for an extended period of time it will automatically be disabled again.

Meanwhile, the details for the Java update for Snow Leopard (OS X 10.6) recommend that the Java plug-in be disabled manually.

It is recommended that all Mac users who have Java installed on their machines apply the “Java for OS X Lion 2012-003” update.


Thursday, April 12, 2012

What’s the Latest on the Flashback Malware Outbreak?

It’s likely that you’ve heard about how the Flashback malware shattered the façade of superior security in Apple products by infecting upwards of 600,000 Mac systems, the majority of which reside in the United States.

Since then, security researchers have been monitoring the size of the Flashback botnet, antivirus vendors have released free tools to help Apple users detect and remove the Flashback malware from their computers and naturally the banter between pro-Windows and pro-Mac users has increased.

However, amidst the scrambling of Mac users to determine whether or not their systems had been infected and to take the proper steps to make sure their malware-free Apple products remained just that, there is a bit of good – and interesting – news.

Researchers Report the Flashback Botnet Size Has Decreased


Dr. Web first reported that the Flashback botnet was 550,000 Macs strong on April 4th and Kaspersky Lab confirmed that the botnet had grown to a whopping 650,000+ Macs two days later.

But then... the weekend came and the Flashback botnet lost its mojo.

Kaspersky Lab reported that the number of infected Macs was cut in half, dropping down to 237,000. Researchers believe that the “sinkholing” operations carried out by numerous security firms contributed to the decline of the botnet’s size by interrupting the communications between the zombie Macs and the malware’s command & control servers. Good job!

Security Vendors say Mac Antivirus Sales Have Increased


Aside from the botnet shrinking, it appears that Mac users took a big interest in antivirus software.

Peter James, a spokesperson for Intego, a French security company that specializes in Mac antivirus software, told Computerworld that the company witnessed a substantial increase in both sales and downloads of their Mac antivirus software since the Flashback malware made headlines.

Graham Cluley of Sophos Security also stated that they’d seen an increase in Mac antivirus software downloads. Sophos offers a free antivirus solution, Sophos Anti-Virus for Mac Home Edition to help Apple users protect their systems.

Not too much of a surprise considering the circumstances, but interesting nonetheless, considering Macs have always been marketed as malware-free products that don't require the installation of an antivirus (/anti-malware) scanner.

Apple is Preparing a Removal Tool


One of the most surprising things about the Flashback outbreak – aside from the number of compromised computers – is the fact that Apple actually spoke out about a security issue before releasing a patch for it.

In the past, Apple has kept tight-lipped about any system vulnerabilities until they’ve been investigated and a patch is readily available. Apple claims to do this to help ensure the protection of their users and associated systems, but as the Flashback Trojan has shown, not informing users of potential threats can do more harm than good.

Either way, Apple is currently developing an update that will detect and remove the Flashback Trojan from infected systems. Although the solution will come long after security companies have released their own free tools, it will still be useful since there are likely to be users out there who haven’t been following the news and probably have no idea that their systems have been hit.

Update 4/13/12: Apple Releases its Flashback Removal Tool to Mac Users


Tuesday, April 10, 2012

Flashback Trojan Infects Over 600,000 Macs - How to Detect & Remove It From Your Mac

Was your Mac one of the 600,000 machines infected by the Flashback Trojan?

For the last few weeks, Flashback has made headline after headline since it was discovered by Dr. Web that the Trojan had created a botnet that was half a million Macs strong. Those numbers were later confirmed by security experts over at Kaspersky Lab.

The large number of infected OS X machines was due to the Flashback Trojan exploiting an unpatched Java vulnerability via drive-by-download attacks. No user interaction was necessary for the malware to be downloaded & installed on the target machine – it was all done silently in the background the moment a user visited a malicious site serving the malware.

A lot of the blame has been placed on Apple for its delay in patching the Java vulnerability responsible for a large amount of the infections. The Java flaw was patched back in February by Oracle; however, Apple didn’t release a fix to OS X until April 3rd.

Of course, word that such an alarming number of Macs have been infected by malware has revived the ongoing debate over whether or not Macs are safer than PCs.

Still, how is a Mac user to cope with a malware outbreak that has been compared to the infection rate of the Conficker worm for Windows computers back in 2008-2009?

Detecting & Removing the Flashback Trojan on Your Mac


Thankfully, Kaspersky Lab has produced all of the tools an OS X user needs to both detect and remove the Flashback Trojan from their computer.

  1. To check if your Mac has been infected by the Flashback Trojan (aka Flashfake), visit this site: flashbackcheck.com

  2. If your Mac is infected, you can download their free removal tool to get rid of it.


Flashback infections aside, it may be time to install antivirus software on your Mac. I suggest checking out the Mac antivirus offerings of ESET, Sophos (free) & Intego.

Was your Mac infected by the Flashback Trojan? Has the Flashback Trojan outbreak changed your perception on the security of Apple computers?


Friday, February 24, 2012

New Variant of Flashback Trojan Using Java Exploits to Infect Macs

The authors behind the Flashback Trojan targeting Macs are quite the busy bunch.

Researchers at Intego have discovered a new version of the Flashback Trojan - dubbed "Flashback.G" - that’s infecting OS X via drive-by-downloads exploiting two Java vulnerabilities.

In the event that the targeted vulnerabilities have been patched, Flashback.G will attempt to trick users into installing it by displaying a self-signed certificate claiming to be issued by Apple.

Upon a successful infection, Flashback.G will inject code into Safari, Skype and other network programs in order to harvest usernames and passwords. Fortunately, this causes the affected applications to crash, throwing a red flag to the end user.

“It installs itself in an invisible file in the /Users/Shared folder, and this file can bear many names, but with a .so extension,” Intego researchers explained in a blog post.

Flashback.G also comes with a built-in update feature that connects to a number of remote sites in order to automatically download updates.

According to Intego, a large portion of the Macs that are infected by Flashback.G are running OS X 10.6 Snow Leopard, which has Java pre-installed. That doesn’t mean other versions of OS X are out of the question though, as the issue lies with the vulnerabilities within Java itself.

To stay safe, Mac users should make sure that they’re running the most recent version of Java and be cautious of what files they download. Also, be sure to click ‘Cancel’ if you ever see this dialog box:

Screenshot: fake Java certificate claiming to be signed by Apple Inc. (Screenshot credit: Intego)


Considering the fact that Intego found that Flashback.G will abort the installation process if it detects the presence of a variety of antivirus programs, it may be time to install an antivirus program on your Mac if you haven’t done so already.


Wednesday, November 23, 2011

Buy of the Week: Apple 17-inch MacBook Pro for $2,370

This offer expired on December 2nd. Please check the banner at the top for our latest deal!


It's all about performance. If you want an Intel Core i processor, a brilliant display, and Mac OS X Lion, you want the all-new MacBook Pro.

Until December 2nd, you can order a new 17-inch Apple MacBook Pro from Hyphenet for only $2,370, plus shipping!

Call Hyphenet at (619) 325-0990 to order your 17-inch MacBook Pro today!

Specifications for the 17-inch MacBook Pro

  • Display: 17" widescreen LED-backlit TFT, 1920 x 1200 (WUXGA)

  • Processor: Intel Core i7 2.4 GHz

  • RAM: 4 GB DDR3 SDRAM, 1333 MHz

  • Hard Drive: 750 GB, Serial ATA-300, 5400 rpm

  • Graphics Processor: Intel HD Graphics 3000, Dynamic Video Memory Technology 5.0

  • Networking: Gigabit Ethernet; WLAN: 802.11 a/b/g/n; Bluetooth 2.1 EDR

  • Operating System: Mac OS X 10.7 Lion

  • Optical Drive: DVD±RW (±R DL)

  • Camera: Integrated (1280 x 720)

  • Battery: Lithium polymer, 95 Wh (up to 7 hrs run-time)

  • Warranty: Apple 1-year limited warranty; technical support (phone consulting), 90 days

Don't miss out on this Buy of the Week! Call Hyphenet at (619) 325-0990 to order your 17-inch MacBook Pro!


Buy of the Week offer valid through December 2nd, 2011.

* Shipping, taxes and CRV may apply.

Hyphenet is an Authorized Apple Reseller.


Wednesday, November 2, 2011

DevilRobber Trojan Targets Mac OS X to Steal Data & Mine BitCoins

Mac users who tend to frequent torrent sites such as PirateBay or Paratypic should be cautious when downloading apps, as they could contain a nasty piece of malware called DevilRobber.A.

The focus of the DevilRobber malware is to steal files and BitCoins, take screenshots of your computing activity, utilize your Mac’s computing power to solve cryptographic problems in order to mine BitCoins, and open a backdoor to grant remote control to its authors.

Once DevilRobber makes its way onto your Mac, it first checks to make sure that you don’t have [a] Little Snitch installed, ready to blow the whistle when it attempts to make outgoing internet connections.

If the coast is clear, the DevilRobber malware sets up camp by adding a LaunchAgent file to ensure it runs on start-up or login and capturing targeted information like your Safari browsing history, BitCoin wallet information, your Mac’s external IP address, computer login credentials, and more.

All of the sensitive data collected from the infected machine is then uploaded to a remote server to be reviewed as needed by evil-doers behind the DevilRobber malware.

Aside from all of the information theft, DevilRobber participates in a resource and electricity hogging activity known as ‘BitCoin mining’.

Despite the sophistication of the DevilRobber malware, it’s not very widespread and only appears to be bundled with a handful of Mac programs, including the popular image editor, GraphicConverter version 7.4.

Still, it’s recommended that Mac users go to the respective software vendors’ websites to download the programs of their choice and run up-to-date antivirus software to avoid coming face to face with the Devil[Robber].

Be sure to follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest computer security threats.

Photo Credit: Vectorportal.com

Tuesday, October 25, 2011

OSX/Tsunami.A Trojan Recruiting Macs for DDoS Attacks

Take your Mac to higher ground!

Researchers over at ESET have discovered a new IRC-controlled backdoor Trojan, OSX/Tsunami.A, seeking out unprotected Macs in order to recruit them into a bot for Distributed Denial of Service (DDoS) attacks.

OSX/Tsunami.A was spawned from a Linux family of backdoors (Linux/Tsunami) that ESET’s been tracking for nearly a decade. The OS X version is based on a 64-bit Mach-O binary instead of Linux ELF binaries and uses different IRC-related information.

Similar to the Linux version, once OSX/Tsunami.A takes residency on your Mac, it taps into a list of IRC servers and channels to listen for commands.

Aside from allowing your Mac to participate in a DDoS attack, OSX/Tsunami.A lets evil-doers download files – whether they’re updates for Tsunami or other varieties of malware – and execute shell commands, offering the ability to take complete control of your machine.

Thankfully, anti-virus firms stay on top of their game, and both ESET and Sophos have updated their anti-virus software to detect OSX/Tsunami.

Would your Mac be safe from an incoming Tsunami?

Don’t take that chance of having your Mac drown in a sea of malicious content from a hacker. Make sure you’re running up-to-date antivirus software on your Mac.


Photo Credit: epugachev
Edited by Marquisa

Wednesday, October 19, 2011

OSX/Flashback.C Trojan Stops Automatic Updates for Built-in Anti-Malware Protection

Don’t think just because you have a Mac that you’re safe from malware, viruses or whatever other rogue applications are roaming around searching for trouble.

The latest variant of the Flashback Trojan, discovered just last month and dubbed OSX/Flashback.C, has been found to have the ability to keep OS X’s built-in anti-malware software, XProtect, from receiving automatic updates.

According to the report by F-Secure, OSX/Flashback.C decrypts paths within XProtectUpdater in order to decrypt the XProtectUpdater binary and unload the XProtectUpdater daemon. Once that’s done, OSX/Flashback.C moves on to overwriting certain files that XProtect relies on for updates. This prevents XProtect from automatically receiving future definition updates from Apple and puts your system at the mercy of future malware programs.

Although XProtect isn’t a full-blown anti-malware application, it does provide limited protection against a small list of Trojans. Still, it's always recommended that Mac users run a complete anti-virus solution on their computer to make sure they have the best protection possible.

Disabling anti-malware applications is really nothing new, as it’s a common trick performed by malware that targets Windows PCs. By disabling whatever anti-malware protection that a computer has, the malicious program will be able to do its dirty work without interruption prior to being discovered by the end-user.

The OSX/Flashback Trojan has been found to make its way onto the Macs of unsuspecting users by posing as an update for Adobe Flash. So if you must update Adobe Flash, please go directly to adobe.com and download it there!

Clearly malware authors are taking more interest in targeting Mac users, so if you’re not running proper anti-virus protection on your fruit-flavored computer, it’s time you looked into getting some.

I personally run ESET NOD32 for Mac on my Macbook Pro, but Sophos Security offers a free anti-virus solution for Macs as well.

Stay safe!

Photo Credit: my-blackberry.net


Wednesday, September 28, 2011

New OS X Trojan Infecting Macs By Pretending to Be Adobe Flash Update

Screenshot of Flashback trojan installer. Credit: Intego

Mac users are having their sense of security shaken up once again with another Trojan targeting OS X caught roaming in the wild.

Discovered by Intego, the Trojan horse OSX/flashback.A is sneaking its way into the Mac system files party by masquerading as an Adobe Flash update.

Once OSX/flashback.A, also simply known as “Flashback”, makes its way onto your computer, it goes straight to work: deleting its installation package, opening up a backdoor, installing a dyld library to inject code into applications that are run & deactivating certain network security software.

During setup, Flashback checks to see if a specific program called Little Snitch, which “tells” on programs that attempt to make outgoing internet connections, is installed, in order to deactivate it. It makes sense, considering the Flashback malware will eventually attempt to “phone home” in order to send sensitive data about the infected machine (like the computer’s MAC address) back to its authors.

Mac users can check to see if Flashback has infected their machine by checking for a specific file in their home folder: ~/Library/Preferences/Preferences.dylib
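The file check above, the Flashback.S drop locations (~/Library/LaunchAgents/com.java.update.plist and ~/.jupdate, with the emptied ~/Library/Caches/Java/cache) from the April 2012 round-up, and the LaunchAgent persistence DevilRobber relies on all lend themselves to one small audit script. The following is an added example written for this page; it is not code from Intego, F-Secure, Sophos or any of the posts. The indicator paths are the ones named in the posts; the TRUSTED_PREFIXES / WORLD_WRITABLE heuristics, the function names, and the sample home folder it builds when not run on a Mac are my own assumptions. It parses every per-user LaunchAgent plist with the standard library's plistlib and flags jobs whose program is a hidden dotfile, lives inside the home folder, or runs from a world-writable directory. A clean result only means these particular traces are absent.

```python
"""Added example: per-user check for the Flashback / DevilRobber traces described in
these posts. The paths come from the posts; heuristics, names and the constructed
sample home are my own, not vendor detection logic."""
import os
import plistlib
import tempfile

# Paths relative to the home folder, as named in the posts above.
KNOWN_INDICATORS = {
    "Library/LaunchAgents/com.java.update.plist": "Flashback.S launch agent",
    ".jupdate": "Flashback.S payload",
    "Library/Preferences/Preferences.dylib": "Flashback.A injected library",
}
# Where legitimately installed software normally lives, and places it should not (assumptions).
TRUSTED_PREFIXES = ("/Applications/", "/System/", "/Library/", "/usr/", "/bin/", "/sbin/")
WORLD_WRITABLE = ("/tmp/", "/private/tmp/", "/Users/Shared/")


def find_known_indicators(home):
    """{relative_path: description} for each known indicator file present under home."""
    return {rel: desc for rel, desc in KNOWN_INDICATORS.items()
            if os.path.lexists(os.path.join(home, rel))}


def java_cache_state(home):
    """'missing', 'empty' or 'populated'. Flashback.S empties this cache after install,
    but an empty cache alone proves nothing, so it is reported as context, not a hit."""
    cache = os.path.join(home, "Library", "Caches", "Java", "cache")
    if not os.path.isdir(cache):
        return "missing"
    return "populated" if os.listdir(cache) else "empty"


def classify_program(path, home):
    """Reasons a launchd job's program looks out of place (empty list = nothing odd)."""
    if path is None:
        return ["no Program or ProgramArguments"]
    if path.startswith("~/"):
        path = os.path.join(home, path[2:])
    reasons = []
    if os.path.basename(path).startswith("."):
        reasons.append("hidden executable name %r" % os.path.basename(path))
    if path.startswith(home + "/"):
        if not path.startswith(home + "/Applications/"):
            reasons.append("runs from inside the home folder")
    elif path.startswith(WORLD_WRITABLE):
        reasons.append("runs from a world-writable directory")
    elif not path.startswith(TRUSTED_PREFIXES):
        reasons.append("runs from non-standard location %r" % os.path.dirname(path))
    return reasons


def audit_launch_agents(home):
    """Parse each .plist in ~/Library/LaunchAgents -> {file: (label, program, reasons)}."""
    agents_dir = os.path.join(home, "Library", "LaunchAgents")
    findings = {}
    for fname in sorted(os.listdir(agents_dir) if os.path.isdir(agents_dir) else []):
        if not fname.endswith(".plist"):
            continue
        try:
            with open(os.path.join(agents_dir, fname), "rb") as fh:
                job = plistlib.load(fh)
        except Exception as exc:  # an unparseable plist deserves a look too
            findings[fname] = (None, None, ["could not parse plist: %s" % exc])
            continue
        # launchd runs Program if set, otherwise ProgramArguments[0]
        args = job.get("ProgramArguments") or [None]
        program = job.get("Program") or args[0]
        findings[fname] = (job.get("Label"), program, classify_program(program, home))
    return findings


def scan_home(home):
    """Combine both checks into one report dict."""
    agents = audit_launch_agents(home)
    return {"home": home, "known_indicators": find_known_indicators(home),
            "java_cache": java_cache_state(home), "agents_checked": len(agents),
            "suspicious_agents": {k: v for k, v in agents.items() if v[2]}}


def build_sample_home():
    """Constructed fixture: a benign agent plus Flashback.S-style traces (~/.jupdate job, empty Java cache)."""
    home = tempfile.mkdtemp(prefix="home-")
    agents_dir = os.path.join(home, "Library", "LaunchAgents")
    os.makedirs(agents_dir)
    os.makedirs(os.path.join(home, "Library", "Caches", "Java", "cache"))
    jobs = {"com.example.sync.plist": {"Label": "com.example.sync", "RunAtLoad": True,
                "ProgramArguments": ["/Applications/ExampleSync.app/Contents/MacOS/examplesync"]},
            "com.java.update.plist": {"Label": "com.java.update", "RunAtLoad": True,
                "ProgramArguments": [os.path.join(home, ".jupdate")]}}
    for fname, job in jobs.items():
        with open(os.path.join(agents_dir, fname), "wb") as fh:
            plistlib.dump(job, fh)
    open(os.path.join(home, ".jupdate"), "wb").close()
    return home


if __name__ == "__main__":
    home = os.path.expanduser("~")
    if not os.path.isdir(os.path.join(home, "Library")):  # not a Mac home: demo on the fixture
        home = build_sample_home()
    report = scan_home(home)
    for key in ("home", "java_cache", "agents_checked", "known_indicators"):
        print("%-17s %s" % (key + ":", report[key]))
    for fname, (label, program, reasons) in report["suspicious_agents"].items():
        print("suspicious agent: %s label=%s program=%s\n    %s" % (fname, label, program, reasons))
```

Run it as `python3 flashback_check.py` from the account you want to inspect; it only reads files under that user's home, so no administrator rights are needed. The LaunchAgent heuristics are deliberately conservative: a job pointing at a dotfile in the home folder (the Flashback.S pattern) or at /Users/Shared is worth a look, but anything flagged still needs to be confirmed with an up-to-date antivirus scanner rather than deleted on sight.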

To avoid becoming a “Flashback” victim, users can take the following precautions:

  • Only download Adobe Flash updates from Adobe.com. Do NOT download Adobe Flash updates from any other site; otherwise you could potentially be putting your Mac’s security at risk.

  • Disable Safari’s auto-open option. Open your Safari browser, go to the General section of the browser preferences & uncheck the option to “Open safe files after downloading.”

  • Always run up-to-date antivirus & malware software. There are plenty of antivirus programs available for your Mac, including software from ESET, Kaspersky, Intego, & others. Be sure to keep your antivirus & malware software definitions current for the best protection possible.

  • Exercise caution when downloading files. Don’t be click happy and flip through security dialogs without paying them any mind. Always be conscious of what you’re downloading and opening from the internet.


Stay safe, my fellow Mac users!

Saturday, September 24, 2011

OSX/Revir.A Trojan Horse Targeting Mac OS X in Order to … Do Nothing?

With more and more users adopting Macs these days, cybercrooks may be growing tempted to switch from developing malware and other nasty bugs for Windows to creating them for Macs instead.

Unfortunately for the creator of the Revir.A trojan (but fortunately for Mac users), it seems like their efforts aren’t proving to be so fruitful.

Meet Trojan-Dropper:OSX/Revir.A


The Revir.A Trojan comes disguised as a PDF file, written in Chinese and covering the long-heated debate between China and Japan over who controls a group of islands in the East China Sea, known as the Diaoyu Islands in China and the Senkaku Islands in Japan.

As some of you may be well aware, spreading malware via malicious PDF files is nothing new and is a common technique used by Windows malware authors, so it’s no real surprise that it’s being used to deliver OS X malware as well.

Similar to Windows malware attacks, the PDF is merely to provide the bug easy entry into the PC (as nobody thinks PDFs harbor any threat to their computer's security!) and serve as a distraction for the user while the malware does its thing in the background, which in this case is installing a backdoor named OSX/Imuler.A.

Fortunately, it appears that the malware is incapable of communicating with any remote command-and-control servers (which would give cybercrooks remote control of your Mac), so the threat level is relatively low at this point.

Either way, if you get an email with a PDF attachment, don’t download it. There’s no telling when the malware author will wise up and release a fully-functional version.

As recommended to Windows users, you should always run antivirus software on your computer and proceed with caution when downloading files from the internet. While there may not be as many threats targeting Apple's OS as there are targeting Windows, there are threats out there that are capable of destructive behavior. Better to be safe than sorry!

Photo Credit: Britrob
[Altered by Marquisa]