Researchers discover PDF malware that targets Apple's Mac OS X

Posted:
in macOS edited January 2014
A new piece of malware which disguises itself as a PDF download and could give hackers remote access to a computer has been discovered as a potential threat to Mac users.



The trojan, identified as Trojan-Dropper:OSX/Revir.A, opens a botnet backdoor by tricking the user into downloading and opening a Chinese language PDF file while it installs itself in the background, according to security researchers at F-Secure.



The command-and-control center of the trojan is currently a bare Apache installation that has been sitting dormant at its domain since May and is not yet capable of communicating with any backdoors. This has led researchers to believe that they have found a malware in the making.



Trojans typically mask themselves as a PDF and infect systems while the user is busy opening the file. But researchers believe that this particular sample may be stealthier than usual malware.



The new trojan differs from most Windows PDF malware in that it arrived to researchers without the usual "pdf.exe" extension or icon. Researchers note that because extension and icon data are stored and displayed differently on Macs, this sample could be more difficult to detect than Windows counterparts, as it can adopt any extension desired.



The technique of using a PDF file as a ruse for the propagation of malware has been a mainly Windows problem in the past, remaining a minimal threat to Mac users.







It is unclear how this malware is spreading, but researchers believe that the most likely mode of circulation is via e-mail attachment. The researchers suggested the author of the trojan could simply be "testing the water" to see if their creation is identified by various antivirus applications.
«13

Comments

  • Reply 1 of 57
    Remember to turn off those "Automatically Open when Finished Downloading" options in Safari, Firefox, Chrome, IE.



    That goes for all three major OSs.



    (Also, start Windows, MacOS, Linux feuds based on Malware misconceptions on everyone's parts.)
  • Reply 2 of 57
    apple ][apple ][ Posts: 9,233member
    I'm not even going to bother to get into any PC vs Mac virus debate, but I will say that I am glad that I don't have to run any virus program on my Macs.



    As for this malware mentioned in the article, if it's delivered by an email attachment, then I'd say that the main people who are most at risk of getting it are stupid people. No OS is secure enough to protect morons from their own stupidity.



    I also think that in certain cases, the death penalty would be an appropriate punishment for criminals behind email spam, malware and viruses.
  • Reply 3 of 57
    THIS IS NOT A VIRUS!



    This is a Trojan Horse. That's a different animal. You can see a Trojan Horse ? albeit in its disguise of course ? and it requires to be opened/started by YOU to become active!



    A virus is an, under normal circumstances, invisible file that can sneak through your ports without you noticing it and then execute itself in the background on your PC. No user involvement required.



    There are no viruses for OSX (yet).

    So antivirus software for OSX is a crock.

    There are a few Trojan Horses for OSX. Less than a handful, afaik. But they could come in thousands of different disguises, of course!
  • Reply 4 of 57
    don't download and install things from non-official sites got it. You think they should teach common internet protocols at schools. I mean last i checked (in california) there is still a year requirement of a computer class, such as learning to type as well as one other computer elective. They really need to start informing people on good computer usage. It's a good skill to have today.
  • Reply 5 of 57
    gatorguygatorguy Posts: 23,395member
    Quote:
    Originally Posted by accessoriesguy View Post


    don't download and install things from non-official sites got it. You think they should teach common internet protocols at schools. I mean last i checked (in california) there is still a year requirement of a computer class, such as learning to type as well as one other computer elective. They really need to start informing people on good computer usage. It's a good skill to have today.



    That's not how this one would be delivered, if there was anything taking advantage of it. There isn't (yet) according to articles. Since this one can spoof any type of file, not just a PDF, simply use common sense. If you get an email with an attachment, perhaps an image file/picture or excel file, from someone that you don't know, or even an unexpected one from someone you might, just don't open it. Simple.
  • Reply 6 of 57
    I understand where all of you are coming from but when there's commercials running ad nauseum about how Mac OS does not get viruses (most people DO NOT know the difference between a virus, a Trojan horse or malware), then they are lulled into thinking they're computers are safe and will open whatever from whomever.
  • Reply 7 of 57
    solipsismsolipsism Posts: 25,726member
    Funny how the biggest threats to OS X are from Adobe-created products.





    Quote:
    Originally Posted by dasanman69 View Post


    I understand where all of you are coming from but when there's commercials running ad nauseum about how Mac OS does not get viruses (most people DO NOT know the difference between a virus, a Trojan horse or malware), then they are lulled into thinking they're computers are safe and will open whatever from whomever.



    1) Where are these commercials?



    2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?
  • Reply 8 of 57
    I'm sorry but there's a distinct disconnect between the headline and the lead paragraph…



    The headline says "...PDF malware that targets Apple's Mac OS X". (I interpret that to mean, "designed specifically to attack OSX".)



    But then the lead paragraph says:

    "...could give hackers remote access to a computer has been discovered as a potential threat to Mac users."



    "a computer"… a "potential" threat to Mac users (and I think the word "also" might be relevant here)…



    This is not "targeting OSX". Although OSX may be included in the "vulnerable systems" list, there really is a huge difference there.



    Especially when the article goes on to say, basically, how it's really most dangerous for Windows machines…





    Come on. "Malware"…? How about "Virus" or "Trojan"…? Be as specific as the content of the article.



    If it's really "TARGETING OSX", then I'd like to see the article reflect that. Otherwise, tone down the headline… There's enough FUD in the world. I like it that I don't have to deal with it here much at AI… now is not a good time to start.



    /rant
  • Reply 9 of 57
    Quote:
    Originally Posted by The Third Man View Post


    THIS IS NOT A VIRUS!



    This is a Trojan Horse. That's a different animal. You can see a Trojan Horse – albeit in its disguise of course – and it requires to be opened/started by YOU to become active!



    A virus is an, under normal circumstances, invisible file that can sneak through your ports without you noticing it and then execute itself in the background on your PC. No user involvement required.



    There are no viruses for OSX (yet).

    So antivirus software for OSX is a crock.

    There are a few Trojan Horses for OSX. Less than a handful, afaik. But they could come in thousands of different disguises, of course!



    These are probably not the most accurate definitions of a Trojan and virus that I have ever seen. A virus sneaks through your ports? A computer virus is code that can self-replicate and potentially infect other files. A Trojan Horse is an application or file that pretends to be something it's not to trick the user into running it and it usually performs a malicious function. Both a virus and a Trojan horse are usually introduced into the network as a result of the user.



    An example of a virus is downloading a pirated copy of Diablo II that has it's binary infected. When the game is ran, the code copies itself to other installed applications to spread itself.
  • Reply 10 of 57
    Quote:
    Originally Posted by dasanman69 View Post


    I understand where all of you are coming from but when there's commercials running ad nauseum about how Mac OS does not get viruses (most people DO NOT know the difference between a virus, a Trojan horse or malware), then they are lulled into thinking they're computers are safe and will open whatever from whomever.



    Please tell us all more about these imaginary commercials you speak off.
  • Reply 11 of 57
    Quote:
    Originally Posted by solipsism View Post


    Funny how the biggest threats to OS X are from Adobe-created products.









    1) Where are these commercials?



    2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?



    C'Mon soli, have u quickly forgotten the I'm a Mac, and I'm a PC barrage of commercials? It's been a few years since they aired but they were quite effective and go into any Apple store or Best Buy and the salesperson will say "buy a Mac if you're worried about getting viruses". Most people don't keep up with current events. I often recommend plasma TVs to people and every single one responds the same way "what about the 5 yr life, burn in, etc...." all those things have not been true for years but they hear it once and never bother to check again.
  • Reply 12 of 57
    Quote:
    Originally Posted by solipsism View Post


    Funny how the biggest threats to OS X are from Adobe-created products.









    1) Where are these commercials?



    2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?



    is this a malware using a pdf file, or involving an adobe program? I thought it was just a file disguised as a pdf. Personally, I never use acrobat to open anything in the bowser anyway.
  • Reply 13 of 57
    Quote:
    Originally Posted by dish View Post


    Please tell us all more about these imaginary commercials you speak off.



    http://www.youtube.com/watch?v=GQb_Q...e_gdata_player



    Remember now, dishhead?
  • Reply 14 of 57
    Quote:
    Originally Posted by solipsism View Post


    Funny how the biggest threats to OS X are from Adobe-created products.









    1) Where are these commercials?



    2) When did haven't yet been subjected to a barrage of viruses mean they can't possibly get viruses?



    Since Apple says so. And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"



    http://www.youtube.com/watch?v=Gm0C0y7Uk10
  • Reply 15 of 57
    Quote:
    Originally Posted by Jacksons View Post


    to quote... "I am a Mac OS X so I don't have to worry about viruses"



    http://www.youtube.com/watch?v=Gm0C0y7Uk10



    Thanks for that one as well. Some of you guys need to chill with the kool-aid, the barley and hops juice, and the funny looking cigarettes.
  • Reply 16 of 57
    Quote:
    Originally Posted by The Third Man View Post


    THIS IS NOT A VIRUS!



    This is a Trojan Horse. That's a different animal. You can see a Trojan Horse ? albeit in its disguise of course ? and it requires to be opened/started by YOU to become active!



    A virus is an, under normal circumstances, invisible file that can sneak through your ports without you noticing it and then execute itself in the background on your PC. No user involvement required.



    There are no viruses for OSX (yet).

    So antivirus software for OSX is a crock.

    There are a few Trojan Horses for OSX. Less than a handful, afaik. But they could come in thousands of different disguises, of course!



    Apple says you don't have to worry about these things. Even if they are Trojans. And even if you install them yourself



    And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"



    http://www.youtube.com/watch?v=Gm0C0y7Uk10
  • Reply 17 of 57
    Anyone remember the NVIRa in Mac OS 7.5?



    Nasty little bugger, very difficult to eradicate, a delicate procedure only for the learned back then.



    KOB
  • Reply 18 of 57
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by dasanman69 View Post


    C'Mon soli, have u quickly forgotten the I'm a Mac, and I'm a PC barrage of commercials? It's been a few years since they aired but they were quite effective and go into any Apple store or Best Buy and the salesperson will say "buy a Mac if you're worried about getting viruses". Most people don't keep up with current events. I often recommend plasma TVs to people and every single one responds the same way "what about the 5 yr life, burn in, etc...." all those things have not been true for years but they hear it once and never bother to check again.



    1) Get a Mac ads ran from 2006 to 2010. We're almost into 2012. Where are these commercials running, to quote, ad nauseum?



    2) Listen to the wording of the Trust Mac ad. They clearly state "I [Mac] don't have to worry about your [Windows PC] spyware and viruses." No where does Apple state that Mac OS X can't ever be infected with spyware or viruses. Do you see what the marketing department did there?
  • Reply 19 of 57
    mr. memr. me Posts: 3,221member
    Quote:
    Originally Posted by King of Beige View Post


    Anyone remember the NVIRa in Mac OS 7.5?



    Nasty little bugger, very difficult to eradicate, a delicate procedure only for the learned back then.



    KOB



    Wrong on several accounts. nVIR-A dates back to 1987 when System 4.1 was extant. This was something like eight years prior to System 7.5--not MacOS 7.5. However, Mac System Software through MacOS 8 were vulnerable to it. However, It could easily be eradicated by running one of the commercial Mac antivirus utilities like Symantec Antivirus for Macintosh or free Mac antivirus utilities like Disinfectant.
  • Reply 20 of 57
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by Jacksons View Post


    Since Apple says so. And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"



    http://www.youtube.com/watch?v=Gm0C0y7Uk10



    Quote:
    Originally Posted by Jacksons View Post


    Apple says you don't have to worry about these things. Even if they are Trojans. And even if you install them yourself



    And to quote... "I am a Mac OS X so I don't have to worry about spyware and viruses"



    http://www.youtube.com/watch?v=Gm0C0y7Uk10



    You quote it incorrectly twice in the same thread. Who else would do that but a troll?
Sign In or Register to comment.