F-Secure reports Mac trojan poses as PDF

Security firm F-Secure has unearthed a troubling trojan for Macs that disguises itself as a PDF: it waits until the file is opened, displays some Chinese characters, and then writes to your Mac's hard drive and sets up a backdoor. Currently, according to F-Secure, the backdoor doesn't actually do anything harmful, but obviously that could change in the future, either if the original hackers take advantage of the trojan or if someone else does.
F-Secure says that the trojan currently doesn't have an icon associated with it, so in the form spotted so far it should be pretty easy to identify as a virus (especially if it shows up in a random email). But if the trojan is embedded in a file with an extension and an icon that match a familiar document type (like a PDF, or any other kind of file you'd open in everyday use), it's possible that the backdoor could get installed.
In other words, you've got to do what you should always do on any computer: beware of any file downloaded from an untrusted source on the Internet, and of any email attachment coming from a sender you don't know or recognize.
I call bullshit, no such thing as Mac virus. Fools.
September 24 2011 at 8:27 PM

Is it really color ink display on the way?
September 24 2011 at 3:14 AM

Man if they keep this up I'm going to have to start counting Mac viruses that actually have some potential on two hands.
September 24 2011 at 12:52 AM

HEADLINE:
F-Secure creates PDF Trojan for Mac.
F-Secure asks Mac users to please purchase their products now.
Meanwhile, in F-Secure's secret labs, interns are hard at work emailing Trojan PDFs to their friends.
Well duh.
If we all just went and switched to Mac and Linux, then the anti-virus industry would collapse; why do you think Microsoft never put good security in Windows? Otherwise it would kill the AV industry.
It would be great if some stellar publication would answer the million dollar question...
DOES IT OR DOES IT NOT ASK FOR YOUR SYSTEM PASSWORD TO INSTALL? Sigh...
Right. I mean at that point let's not call it a virus, but an IQ test.
September 24 2011 at 12:56 AM

And does it require Acrobat?
September 23 2011 at 3:40 PM

The file is not actually a PDF, according to the F-Secure writeup. As far as I can tell from the summary, it's an .app bundle named with a .pdf extension (and potentially, though not confirmed, with a PDF icon set manually for the app icon). So apparently when you run the application, a PDF contained in the bundle is opened (so it looks like you opened a PDF), but the application also installs a backdoor.
Things that aren't answered in the F-Secure writeup are:
1) Does this require you to provide your password to install the malware (i.e., is it just social engineering, or an actual exploit), and
2) Does the application somehow bypass the 'X is a program from [source/date] which you have never run before' warning?
If this is just a normal application which tosses up that warning and then installs a malware backdoor, it's a trojan via social engineering; there's no real fix for that short of adding signatures to virus software and educating users not to run random things. If it somehow bypasses the password prompt or the 'unrecognized program' warning, then it's a trojan making use of an actual exploit and we'll need a security update from Apple.
If it's somehow able to get around the general unix permission system, then Apple seriously needs to fix it and super fast, otherwise the whole permission system becomes defunct.
September 23 2011 at 4:16 PM

Also, the "ask for user password" prompt you get a few times when doing things is basically just a front-end for sudo.
September 23 2011 at 4:20 PM

And everyone will say "see... Macs do get viruses" LOL
September 23 2011 at 3:31 PM

Little tip: if it asks for your password, don't give it.
Then only your user can ever be harmed, and your Mac can sleep peacefully :)
What is absolutely not clear is how this PDF 'installs software'. Does it ask you for permission, as it would if it's trying to put something into a protected location? The stuff I've seen is nicely sensational (except for the MacFixIt article) and ignores this critical detail. MacFixIt also has hints on how to tell if this is on your system and what to do about it if it is present.
September 23 2011 at 3:29 PM

If it is an /infected/ PDF, it can hardly be called a virus; it can't touch anything but your files, since Preview.app runs under your user.
September 23 2011 at 4:15 PM
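Several commenters above point out that the file is not a PDF at all but an .app bundle carrying a .pdf name (and possibly a PDF icon), and ask how to tell whether such a thing is sitting on a system. The shell script below is an added defender's check, not code from TUAW, F-Secure or any commenter: it classifies every entry named *.pdf in a directory as a genuine PDF (a regular file starting with the %PDF- header), a bundle-shaped directory (one containing Contents/Info.plist, whatever its name says), or neither. The file names and the scratch directory it builds are constructed for the demonstration; it only distinguishes the bundle-named-as-document trick discussed here and says nothing about a real PDF's contents.

```shell
#!/bin/sh
# Added example (not code from TUAW, F-Secure, or any commenter): classify
# entries named *.pdf by what they actually are, so a bundle that merely
# carries a .pdf name and icon stands out from a genuine document.

# classify_pdf PATH -> prints "pdf", "app-bundle" or "not-pdf"
classify_pdf() {
    target="$1"
    if [ -d "$target" ]; then
        # A directory with Contents/Info.plist is shaped like a macOS .app
        # bundle, whatever its name says; Finder can still draw a PDF icon on it.
        if [ -f "$target/Contents/Info.plist" ]; then
            echo "app-bundle"
        else
            echo "not-pdf"
        fi
        return 0
    fi
    # A real PDF is a regular file whose first five bytes are the "%PDF-" header.
    if [ -f "$target" ] && [ "$(head -c 5 "$target" 2>/dev/null)" = "%PDF-" ]; then
        echo "pdf"
    else
        echo "not-pdf"
    fi
}

# scan_dir DIR -> one "STATUS<TAB>PATH" line per entry named *.pdf in DIR
scan_dir() {
    for entry in "$1"/*.pdf; do
        [ -e "$entry" ] || continue   # the glob stays literal if nothing matches
        printf '%s\t%s\n' "$(classify_pdf "$entry")" "$entry"
    done
}

# Constructed demonstration data (hypothetical names, built in a scratch dir):
# a genuine PDF header, a bundle-shaped directory named like a PDF, and a
# plain text file wearing the .pdf extension.
demo="$(mktemp -d)"
printf '%%PDF-1.4\n%%constructed sample\n' > "$demo/report.pdf"
mkdir -p "$demo/invoice.pdf/Contents/MacOS"
printf '<plist version="1.0"><dict/></plist>\n' > "$demo/invoice.pdf/Contents/Info.plist"
printf 'just text\n' > "$demo/notes.pdf"
scan_dir "$demo"
# expected: report.pdf -> pdf, invoice.pdf -> app-bundle, notes.pdf -> not-pdf
rm -rf "$demo"
```

Point scan_dir at ~/Downloads (or wherever mail attachments land) to get one line per .pdf entry; anything reported as app-bundle is a directory the Finder would happily launch as a program even though its name says document. The header test is deliberately strict: a file that is not a regular file or does not begin with %PDF- is reported as not-pdf rather than guessed at.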