The Latest Mac Trojan Disguises Itself As A PDF To Give Cybercriminals Back Door Access To Your Machine

By

Infected-PDF-Sample

Malware is a small but real threat to the OS X platform, and so it’s not uncommon for the occasional Trojan to pop up, which Apple then usually nukes from orbit through OS X”s built-in anti-malware database. Rinse, repeat, with the only real danger being those who get infected for a week or two.

Well, here’s the latest temporary nuisance to look out for.

A new Mac trojan called Trojan-Dropper:OSX/Revir.a disguises itself as a PDF file and then tries to open a backdoor on your Mac, allowing hackers to gain entry to your system. Once they’re in, you probably won’t even be aware that your system has been compromised, but your system will be watched by a remote malware server.

How can you stop yourself from being infected? Well, the trojan spreads through a PDF file, so don’t open any that aren’t coming from friends or family members who you trust. You’ll know the PDF when you open it because it’ll be filled with Chinese characters… which apparently make up a foul-mouth, pan-offensive political screed.

As for seeing if you’ve already been infected, it’s pretty easy: just open Activity Monitor and look for a process called “checkvir.” If you see it, stop the process, and then delete “checkvir” and “checkfir.plist” files from your /username/Library/LaunchAgents/ directory.