Be careful, that PDF might be a Mac Trojan

Well, hello Mac users! The 1 billion Windows users of the world welcome you to the wonderful world of malware. F-Secure has identified a new one, and like Mac Defender, this piece of nastiness borrows from malware already released for Windows.

"We may have come across a Mac malware in the making. Detected as Trojan-Dropper:OSX/Revir.A, the malware disguises as a PDF file to trick user into triggering its payload", F-Secure warned earlier today.

The fake PDF is not yet perfected: "As of this writing, the C&C of the malware is just a bare Apache installation and is not capable of communicating with the backdoor yet. The domain was registered on 21 March 2011 and was last updated on 21 May 2011".

Mac security is a hot topic, in part because users are such passionate defenders of the platform. This despite clear signs that cyber criminals are bringing Windows malware software and techniques to Mac OS X. In February Sophos identified back-door Trojan BlackHole RAT, a variant of the free "remote administration tool" darkComet RAT for Windows. The Trojan was written in December 2010 and took months to spread, in beta, but posed no serious threat, even after version 2.0 appeared in April, because it wasn't stable.

In May the first credible piece of Mac OS X malware ever documented started spreading around the Web. Mac Defender used a long-successful technique on Windows -- pretending to be antivirus software while instead infecting the computer. Cyber criminals poisoned search results with fake sites that prompted users with warning of virus infection. Following instructions to take action, they downloaded fake antivirus software to the Mac.

Many Mac defenders (not to be confused with the malware) dismissed the security threat, and Apple with them. But as the number of infections increased, Apple finally acknowledged the problem -- three weeks after it started.

Related: "Five things you need to know about Mac Security"

The same day, new variant Mac Guard appeared in the wild, with the capability of downloading and installing without user interaction. The behavior mimicked the drive-by-downloads long part of the Windows landscape.

I conducted polls to gauge just how unprotected are Mac users, and the results didn't surprise. Among Windows users, 86 percent of respondents said they have anti-malware software installed. Startling contrast: 82.74 percent of Mac users do not run anti-malware software. I've re-embedded both polls to see if the results have changed much. The Q: Are more Mac users protecting their computers, following the ruckus Mac Guard cased?


Mac users potentially are more vulnerable, because of behavior. Windows users are accustomed to malware trickery, often via phishing emails or bogus links from instant messaging or social networking services. Then there are the website pop-ups warning the PC is infected with a virus, like Mac Defender. The offered solution infects rather than cures the computer. It's an old tactic applied to a new platform.

Many Windows users have also learned, well hopefully, to be wary of file attachments, like the fake PDF Trojan. Your risk to this piece of nastiness isn't the problem, but the one that comes next -- the Trojan capable of infecting tens of thousands of Macs. Apple has hardened Mac OS X pretty well, but the first line of defense is the user. That's you. Security is only as good as the person using the operating system. Ask this question: Is your Mac safe from you?

Art Credit: Albert Ziganshin/Shutterstock

8 Responses to Be careful, that PDF might be a Mac Trojan

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.