New Mac OS X Malware Discovered, Takes Screenshots And Uploads Them To Unknown Servers Without User’s Consent

Security research firm Intego, which specializes in Mac-related software, has stumbled upon a new variant of the Imuler trojan horse targeting Mac OS X users.

The latest iteration of the infamous Imuler.C trojan tries to trick users into believing that the file they’ve downloaded and are about to open is an image. The trojan horse is currently distributed in .zip archives named “Pictures and the Ariticle of Renzin Dorjee.zip” and “FHM Feb Cover Girl Irina Shayk H-Res Pics.zip”.


Because Mac OS X does not show full file extensions by default, an application file that uses an image icon, as is the case here, looks like an ordinary picture, and the unfortunate recipient is none the wiser.

A blog post by the company explains how it works:

The malware installs a backdoor at /tmp/.mdworker, and a process called .mdworker then launches. A launchagent file is also installed at ~/library/LaunchAgents/checkvir.plist, along with an executable in the same folder, ensuring that the malware launches when the user logs into his or her Mac.

The malware then searches for user data, attempting to upload it to a server. It also takes screenshots and sends them to said server.

End users needn’t panic, since Intego has yet to find this malware in the wild and considers the risk to be minimal at this point in time. However, those using a Mac are kindly advised to turn on the feature which shows all filename extensions as a precautionary measure, in order to spot the difference between a real image file and an application such as the Imuler.C trojan. The Austin, TX-based firm also urges those who encounter any suspicious files to report them to the popular VirusTotal service, which will in turn ensure they’re free of any malware.
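The indicators quoted above can be checked with a short script. This is an added example, not code from Intego or the original post: a POSIX shell function that looks for the two file paths named in the quoted blog post and lists application bundles in a download folder. The function name, its arguments and the ~/Downloads default are assumptions.

```shell
#!/bin/sh
# Added example: look for the Imuler.C artifacts named in the article.
# usage: check_imuler [ROOT_PREFIX] [HOME_DIR] [SCAN_DIR]
#   ROOT_PREFIX  prepended to /tmp (empty on a live system; a mounted
#                disk image or test directory otherwise)
#   HOME_DIR     home directory to inspect (default: $HOME)
#   SCAN_DIR     where downloaded archives are unpacked
#                (assumed default: HOME_DIR/Downloads)
# Prints one line per finding. Returns 1 if a known artifact exists, else 0.
check_imuler() {
    root="${1:-}"
    home_dir="${2:-$HOME}"
    scan_dir="${3:-$home_dir/Downloads}"
    hit=0

    # Backdoor dropped at /tmp/.mdworker
    if [ -e "$root/tmp/.mdworker" ]; then
        echo "ARTIFACT $root/tmp/.mdworker"
        hit=1
    fi

    # Launch agent. The article writes "~/library"; macOS names the folder
    # "Library", so try both spellings and stop at the first match
    # (on a case-insensitive volume they are the same file).
    for lib in Library library; do
        plist="$home_dir/$lib/LaunchAgents/checkvir.plist"
        if [ -e "$plist" ]; then
            echo "ARTIFACT $plist"
            hit=1
            break
        fi
    done

    # Application bundles in the unpack folder. With extensions hidden,
    # Finder shows these without ".app", so list them for manual review.
    # -prune stops find from descending into each bundle.
    if [ -d "$scan_dir" ]; then
        find "$scan_dir" -type d -name '*.app' -prune | sed 's/^/REVIEW   /'
    fi

    return "$hit"
}
```

On a live system, call it as `check_imuler "" "$HOME"`. The Finder preference the article recommends can also be set from a terminal with `defaults write NSGlobalDomain AppleShowAllExtensions -bool true`, followed by relaunching Finder.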


OS X and iOS are considered among the most secure operating systems around, which makes the latest discoveries all the more intriguing. While Android has needed to fend off many malware variants of late, Apple’s platforms tend to get less negative media coverage.

(via Redmondpie)
