Even though malware remains a small concern on the OS X platform in general, attackers are still constantly devising new ways to attack computers and steal valuable information, or to turn those machines into bots that do their bidding.
A new Mac trojan called Trojan-Dropper:OSX/Revir.a tries to do the latter by disguising itself as a PDF file and opening a backdoor on the user's Mac. The exploit was discovered by researchers at F-Secure. A privacy-blurred sample of an infected PDF is shown above.
The trojan is particularly devious in that users who fall victim to the attack are unlikely to realize that their computers have been compromised, even though nefarious background tasks are being executed on their Macs. From the F-Secure blog:
This malware may be attempting to copy the technique implemented by Windows malware, which opens a PDF file containing a ‘.pdf.exe’ extension and an accompanying PDF icon. The sample on our hand does not have an extension or an icon yet. However, there is another possibility. It is slightly different in Mac, where the icon is stored in a separate fork that is not readily visible in the OS. The extension and icon could have been lost when the sample was submitted to us. If this is the case, this malware might be even stealthier than in Windows because the sample can use any extension it desires.
It’s unclear exactly how this trojan is spreading, although a circulating e-mail attachment is currently the primary suspect. Users are advised not to download or open any PDF file that they cannot identify, or that doesn’t come from a trusted source.
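The advice above can be partly automated when triaging attachments. The following is an added example, not code from F-Secure or from the original article: it classifies a file by its leading bytes and flags a Mach-O executable that is named like a PDF or, like the sample F-Secure describes, carries no extension at all. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Mach-O magic numbers as they appear in the first four bytes of a file.
MACHO_THIN = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit, big/little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit, big/little endian
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; Java class files share it


def sniff(head: bytes) -> str:
    """Classify a file from its leading bytes: 'pdf', 'mach-o' or 'other'."""
    if head[:4] in MACHO_THIN:
        return "mach-o"
    if head[:4] == FAT_MAGIC and len(head) >= 8:
        # A fat header stores the architecture count next. A Java class file
        # stores minor/major version there, which reads as 45 or more.
        (count,) = struct.unpack(">I", head[4:8])
        return "mach-o" if 0 < count < 20 else "other"
    # PDF readers tolerate junk before the header, so search a short window.
    if b"%PDF-" in head[:1024]:
        return "pdf"
    return "other"


def audit(name: str, head: bytes) -> str:
    """Compare what the file name claims with what the content is."""
    kind = sniff(head)
    claims_pdf = name.lower().rstrip(". ").endswith(".pdf")
    if kind == "mach-o":
        if claims_pdf:
            return "ALERT: Mach-O executable named like a PDF"
        return "WARN: Mach-O executable attachment"
    if claims_pdf and kind != "pdf":
        return "WARN: .pdf name but no PDF header"
    return "ok"


def audit_path(path: str) -> str:
    """Audit a file on disk using only its first 1024 bytes."""
    with open(path, "rb") as fh:
        return audit(path, fh.read(1024))


if __name__ == "__main__":
    # Constructed samples: (file name, leading bytes).
    samples = [("report.pdf", b"%PDF-1.4\n"),
               ("report.pdf", b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"),
               ("report", b"\xca\xfe\xba\xbe\x00\x00\x00\x02")]
    for name, head in samples:
        print(f"{name!r}: {audit(name, head)}")
```

A content check like this does not depend on the extension or icon, which the F-Secure note says can be anything the attacker chooses.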