Researchers have discovered a new trojan horse that targets Mac OS X systems using PDF files. The malware was first spotted in July of this year, and has now been identified as two programs that work together to damage Mac OS X systems.
The first of the two installs a downloader component while disguising the action by opening a PDF file. The PDF file that opens contains Chinese characters and is used to distract the user while a program is sneakily downloaded and installed. When this happens, a launch agent is created. The launch agent keeps the malware active and sends the system’s username and MAC address to a remote server. The server can then instruct the malware to archive files for upload, or to upload screenshots.
F-Secure says that at the moment the malware doesn’t work very well, but that it is still most likely in the testing phase and could become more advanced. Researchers have yet to discover how the malware is being distributed, but it’s likely that it is being sent out through e-mails and underground websites.
According to security researchers, the best way to avoid infection is to avoid downloading any PDF files from unknown sources.
For those who suspect that their Mac might be infected, researchers suggest that the owner check the Activity Monitor for any processes called “checkvir.” If “checkvir” is indeed running, click on the red button to stop its activity. Then proceed to remove the files “checkvir” and “checkflr.plist” from the following directory: /username/Library/LaunchAgents/
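The manual check above can be scripted for machines with several user accounts. This is an added example, not code from F-Secure or from the original article; it only reports and deletes nothing. It assumes home directories live under /Users, and the function names are illustrative.

```shell
#!/bin/sh
# Report-only check for the indicators named in the article.
# Assumption: home directories are under /Users; pass another root to override.

# File names the article says to look for in a user's LaunchAgents directory.
INDICATOR_FILES="checkvir checkflr.plist"
# Process name the article says to look for in Activity Monitor.
INDICATOR_PROC="checkvir"

# Print the path of every indicator file under <home_root>/*/Library/LaunchAgents.
find_indicator_files() {
    home_root=${1:-/Users}
    for home in "$home_root"/*; do
        agents="$home/Library/LaunchAgents"
        [ -d "$agents" ] || continue
        for name in $INDICATOR_FILES; do
            # -e follows symlinks; -L also catches a dangling symlink
            if [ -e "$agents/$name" ] || [ -L "$agents/$name" ]; then
                printf '%s\n' "$agents/$name"
            fi
        done
    done
}

# Succeed if a process whose name is exactly the indicator name is running.
indicator_process_running() {
    pgrep -x "$INDICATOR_PROC" >/dev/null 2>&1
}

# Print findings; return 1 if any indicator matched, 0 if none did.
check_host() {
    home_root=${1:-/Users}
    rc=0
    hits=$(find_indicator_files "$home_root")
    if [ -n "$hits" ]; then
        printf 'Indicator files present:\n%s\n' "$hits"
        rc=1
    fi
    if indicator_process_running; then
        printf 'Process "%s" is running\n' "$INDICATOR_PROC"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        printf 'No indicators found under %s\n' "$home_root"
    fi
    return "$rc"
}
```

Call `check_host` with no argument to scan every account under /Users; reading other users' Library folders may require running it as an administrator.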