The Latest Mac Trojan Disguises Itself As A PDF To Give Cybercriminals Back Door Access To Your Machine

The Latest Mac Trojan Disguises Itself As A PDF To Give Cybercriminals Back Door Access To Your Machine

Malware is a small but real threat to the OS X platform, and so it’s not uncommon for the occasional Trojan to pop up, which Apple then usually nukes from orbit through OS X”s built-in anti-malware database. Rinse, repeat, with the only real danger being those who get infected for a week or two.

Well, here’s the latest temporary nuisance to look out for.

A new Mac trojan called Trojan-Dropper:OSX/Revir.a disguises itself as a PDF file and then tries to open a backdoor on your Mac, allowing hackers to gain entry to your system. Once they’re in, you probably won’t even be aware that your system has been compromised, but your system will be watched by a remote malware server.

How can you stop yourself from being infected? Well, the trojan spreads through a PDF file, so don’t open any that aren’t coming from friends or family members who you trust. You’ll know the PDF when you open it because it’ll be filled with Chinese characters… which apparently make up a foul-mouth, pan-offensive political screed.

As for seeing if you’ve already been infected, it’s pretty easy: just open Activity Monitor and look for a process called “checkvir.” If you see it, stop the process, and then delete “checkvir” and “checkfir.plist” files from your /username/Library/LaunchAgents/ directory.

  • JohnMqa9876

    my best friend’s mom makes $77 an hour on the computer. she has been out of job for 9 months but last month her check was $7487 just working on the computer for a few hours. read about it here http://xub.me/me

  • JohnZen9876

    my best friend’s mom makes $77 an hour on the computer. she has been out of job for 9 months but last month her check was $7487 just working on the computer for a few hours. read about it here http://xub.me/me

  • imajoebob

    Malware?  Dopeware is the appropriate name. It looks like you have to download it AND open it.

  • kevincu

    Thanks for the info, I don’t have it, but will pass it along.

  • CharliK

    Curious. It seems that this group is the only one to know about this Trojan. All the other sites are mum about it. One would think they would at least post they are aware and researching the issue

    Also curious is if you google checkvir one of the hits appears to be a security software certification service.

  • jiehun18

    http ://www.jerseymall. org   ( copy or click link to view our home page )

    NFL JERSEY 21USD,MLB 22USD,NHL 38USD,CAPS 12USD!Free Shipping!

  • Cowicide

    Does this require a PASSWORD to install?  So far, no one has mentioned this vital bit of info.  Not MacFixit, Not ARS, not TUAW… not even the security website.

    Dammut… are there ANY professionals out there that’d like to mention this?

    For $%#@’s sake,  does this trojan REQUIRE A PASSWORD TO INSTALL???

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News |