Security research firm Intego, which specializes in Mac-related software, has stumbled upon a new variant of the Imuler trojan horse targeting Mac OS X users.
The latest iteration of the infamous Imuler.C trojan tries to trick users into running it by posing as an image file. The trojan horse currently spreads in .zip archives named “Pictures and the Ariticle of Renzin Dorjee.zip” and “FHM Feb Cover Girl Irina Shayk H-Res Pics.zip”.
By default, Mac OS X does not show full filename extensions, so when an application file carries an image icon – as is the case here – the unfortunate recipient is none the wiser.
A blog post by the company explains how it works:
The malware installs a backdoor at /tmp/.mdworker, and a process called .mdworker then launches. A launchagent file is also installed at ~/library/LaunchAgents/checkvir.plist, along with an executable in the same folder, ensuring that the malware launches when the user logs into his or her Mac.
The malware then searches for user data, attempting to upload it to a server. It also takes screenshots and sends them to said server.
End users needn’t panic, since Intego has yet to find this malware in the wild and considers the risk to be minimal at this point in time. However, Mac users are advised, as a precautionary measure, to turn on the setting that shows all filename extensions, so that a real image file can be told apart from an application such as the Imuler.C trojan. The Austin, TX-based firm also urges anyone who encounters a suspicious file to submit it to the popular VirusTotal service, which will in turn scan it for malware.
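The following shell script is an added example, not code from the article or from Intego. It checks a home directory and a temp directory for the two artefacts the blog post names (the checkvir.plist launch agent and the hidden /tmp/.mdworker backdoor), lists any .app bundles hiding inside an extracted "pictures" archive, and shows the Finder setting the article recommends. The directory parameters are assumptions so the checks can be run against constructed paths; `AppleShowAllExtensions` is the real Finder preference key.

```shell
#!/bin/sh
# Added example (not from the article or Intego). Indicator checks for the
# Imuler.C artefacts described in the post, parameterised by directory so the
# functions can be exercised against constructed test paths.

# check_imuler HOME_DIR TMP_DIR
# Prints each indicator found; returns 0 when clean, 1 when anything matched.
check_imuler() {
  home_dir="$1"; tmp_dir="$2"; found=0
  # Persistence: launch agent written to ~/Library/LaunchAgents/checkvir.plist
  if [ -f "$home_dir/Library/LaunchAgents/checkvir.plist" ]; then
    echo "FOUND launch agent: $home_dir/Library/LaunchAgents/checkvir.plist"
    found=1
  fi
  # Backdoor: hidden file whose name imitates Spotlight's mdworker process
  if [ -e "$tmp_dir/.mdworker" ]; then
    echo "FOUND backdoor: $tmp_dir/.mdworker"
    found=1
  fi
  return $found
}

# count_app_bundles DIR
# Echoes how many .app bundles sit under DIR. A freshly unzipped "pictures"
# archive should contain none; with extensions hidden, Finder would show an
# .app bundle with an image icon as if it were a picture.
count_app_bundles() {
  find "$1" -name '*.app' -print | wc -l | tr -d ' '
}

# enable_show_all_extensions
# Applies the article's mitigation: make Finder display every filename
# extension, then restart Finder so the change takes effect (macOS only).
enable_show_all_extensions() {
  defaults write NSGlobalDomain AppleShowAllExtensions -bool true
  killall Finder
}

# Stand-alone usage against the real locations (macOS):
#   check_imuler "$HOME" /tmp
#   count_app_bundles "$HOME/Downloads"
```

On a Mac, run `check_imuler "$HOME" /tmp` after unpacking a suspicious archive; a hit on either path is reason to keep the file out of Finder and submit it for scanning.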
OS X and iOS are considered among the most secure operating systems around, which makes the latest discoveries all the more intriguing. While Android has needed to fend off many malware variants of late, Apple’s platforms tend to get less negative media coverage.