Mac trojan masquerades as a PDF
Malware that hides in PDF files and exploits holes in PDF viewers is not uncommon. Now, virus researchers at F-Secure have netted a file that looks like a PDF but uses an entirely different infection mechanism. The file is actually a Mac OS X program whose resources include a PDF file. When run, the program opens that PDF file in the Mac's PDF viewer while downloading the actual backdoor software in the background. Computer users who double-click on the purported PDF file are, therefore, presented with the expected result and are unlikely to become suspicious.
The researchers at F-Secure think that the current sample is a prototype: while the trojan does install backdoor software on the Mac, the backdoor's command and control server is apparently not operational at present. Furthermore, the malware doesn't yet do everything it could to disguise itself. It currently includes neither a PDF file icon nor a suitable name and extension, although, according to F-Secure, neither of these would be a problem to create and could have been lost when the sample was found via VirusTotal.
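A triage check for the pattern described above, as an added example that is not code from F-Secure or from this article: it flags a file whose content is a Mac OS X executable, whose name claims to be a PDF, or which carries a complete PDF inside it. It assumes the decoy PDF is stored inside the executable file itself; the function names and the sample bytes are constructed for illustration.

```python
import struct

# First four bytes of Mach-O images as they appear on disk.
MACHO_MAGICS = {
    bytes.fromhex("feedface"): "Mach-O 32-bit, big-endian",
    bytes.fromhex("cefaedfe"): "Mach-O 32-bit, little-endian",
    bytes.fromhex("feedfacf"): "Mach-O 64-bit, big-endian",
    bytes.fromhex("cffaedfe"): "Mach-O 64-bit, little-endian",
}
FAT_MAGIC = bytes.fromhex("cafebabe")  # universal binary; also Java .class files


def executable_kind(data: bytes):
    """Return a description if data starts like a Mac OS X executable, else None."""
    magic = data[:4]
    if magic in MACHO_MAGICS:
        return MACHO_MAGICS[magic]
    if magic == FAT_MAGIC and len(data) >= 8:
        # A fat header stores a small architecture count here; a Java class
        # stores minor/major version, and major versions start at 45.
        (count,) = struct.unpack(">I", data[4:8])
        if 0 < count < 45:
            return "universal binary, %d architectures" % count
    return None


def triage(name: str, data: bytes):
    """Return findings for a file that may be a program posing as a PDF."""
    kind = executable_kind(data)
    if kind is None:
        return []
    findings = ["content is executable: " + kind]
    if name.strip().lower().endswith(".pdf"):
        findings.append("name claims PDF")
    # Heuristic: a header and a trailer marker past the Mach-O magic.
    start = data.find(b"%PDF-", 4)
    if start != -1 and data.find(b"%%EOF", start) != -1:
        findings.append("embedded PDF at offset %d" % start)
    return findings


# Constructed samples, not real malware: header bytes plus filler.
DECOY = b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\n%%EOF\n"
FAKE_PROGRAM = bytes.fromhex("cffaedfe") + b"\x00" * 28 + DECOY
JAVA_CLASS = bytes.fromhex("cafebabe00000034") + b"\x00" * 16

if __name__ == "__main__":
    for label, blob in [("report.pdf", FAKE_PROGRAM), ("report.pdf", DECOY),
                        ("Thing.class", JAVA_CLASS)]:
        print(label, triage(label, blob))
```

The embedded-PDF finding is a triage signal only: legitimate programs that generate PDFs can contain the same markers, so a hit calls for a closer look rather than a verdict.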
(djwm)