Malware is a small but real threat to the OS X platform, and so it’s not uncommon for the occasional Trojan to pop up, which Apple then usually nukes from orbit through OS X”s built-in anti-malware database. Rinse, repeat, with the only real danger being those who get infected for a week or two.
Well, here’s the latest temporary nuisance to look out for.
A new Mac trojan called Trojan-Dropper:OSX/Revir.a disguises itself as a PDF file and then tries to open a backdoor on your Mac, allowing hackers to gain entry to your system. Once they’re in, you probably won’t even be aware that your system has been compromised, but your system will be watched by a remote malware server.
How can you stop yourself from being infected? Well, the trojan spreads through a PDF file, so don’t open any that aren’t coming from friends or family members who you trust. You’ll know the PDF when you open it because it’ll be filled with Chinese characters… which apparently make up a foul-mouth, pan-offensive political screed.
As for seeing if you’ve already been infected, it’s pretty easy: just open Activity Monitor and look for a process called “checkvir.” If you see it, stop the process, and then delete “checkvir” and “checkfir.plist” files from your /username/Library/LaunchAgents/ directory.
John Brownlee is a writer for Fast Company, and a contributing writer here at CoM. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.
11 responses to “The Latest Mac Trojan Disguises Itself As A PDF To Give Cybercriminals Back Door Access To Your Machine”
my best friend’s mom makes $77 an hour on the computer. she has been out of job for 9 months but last month her check was $7487 just working on the computer for a few hours. read about it here http://xub.me/me
my best friend’s mom makes $77 an hour on the computer. she has been out of job for 9 months but last month her check was $7487 just working on the computer for a few hours. read about it here http://xub.me/me
Malware? Dopeware is the appropriate name. It looks like you have to download it AND open it.
Thanks for the info, I don’t have it, but will pass it along.
Curious. It seems that this group is the only one to know about this Trojan. All the other sites are mum about it. One would think they would at least post they are aware and researching the issue
Also curious is if you google checkvir one of the hits appears to be a security software certification service.
http ://www.jerseymall. org ( copy or click link to view our home page )
NFL JERSEY 21USD,MLB 22USD,NHL 38USD,CAPS 12USD!Free Shipping!
Does this require a PASSWORD to install? So far, no one has mentioned this vital bit of info. Not MacFixit, Not ARS, not TUAW… not even the security website.
Dammut… are there ANY professionals out there that’d like to mention this?
For $%#@’s sake, does this trojan REQUIRE A PASSWORD TO INSTALL???