Mac Trojan Wrapped Up In A PDF File
Computer security firms in European countries have warned all Mac users to watch for signs of malware entering their systems. The malware arrives disguised as a PDF file; when the user allows it to be downloaded onto the Mac, it opens the way for further malicious software to be installed. Various tech media outlets carried the report this Friday.
Jacqui Cheng of Ars Technica wrote in the report that the program has turned out to be a virus, detected by experts as Trojan-Dropper:OSX/Revir.A. When this malicious application is installed on the Mac operating system, it automatically sets up a backdoor Trojan horse named Backdoor:OSX/Imuler.A.
The report also added, however, that at present the application does not come into direct contact with the system functions. The command-and-control center for this virus is apparently a mere Apache installation, which has been in place since the fifth month of this year.
As a result, Mac OS X users who have been attacked by the malware may not be much affected by its presence. In the longer term, however, the situation could change if the affected files and applications start to spread to a wider audience, Cheng added.
The problem was first discovered by the UK-based company Sophos and by F-Secure of Finland. They reported that as soon as the backdoor is installed on the Mac operating system, it automatically connects back to a remote server. This remote server is controlled and owned by a professional hacker. Through the backdoor, the hacker can gain access to all the information stored on the affected system, or use it to trigger other effects on the machine. The malicious software, which is an executable, does not currently exploit any of the major components of Mac OS X; it must be downloaded by Mac users intentionally, unaware of its actual purpose. This account of how the malware enters and operates on a Mac was reported by Gregg Keizer of Computerworld.
On the 23rd of this month, a warning was posted on the official Sophos website in which its representative reported that the contents of the PDF file are entirely in Chinese and, at a glance, give the impression of an article about a hot-button issue, namely the Diaoyu Islands, which is situated in Japan. Whether this is true or not is yet to be decided.
The Finnish security firm further said that because a document is opened, users are left with the impression that they have opened a harmless PDF file rather than run a program. When the malware was tested in the lab, it was not able to execute as its author intended. However, the strings embedded in it make it quite clear that the code was written with malicious intent.
The company also added that this malware follows a technique used by Windows malware, in which the file is launched under a “.pdf.exe” extension with a PDF icon accompanying it. The sample tested in the laboratory did not have an extension or an icon at that time.
The report also said the disguise probably works slightly differently for Mac users. The difference is that the icon is stored in a separate fork, which is not readily visible to the user of the operating system. It is possible that the extension and the icon were lost by the time the sample was handed over for lab testing. If so, this malware may turn out to be more dangerous than Windows malware, as the sample can use any extension of choice.
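A defender-side check for the disguise described above, as an added example that is not code from Sophos, F-Secure or the original article: it compares what a file's name claims with what its leading bytes say, covering the ".pdf.exe" double extension, executable content behind a document extension, and the extensionless executable seen in the lab sample. The extension lists, function names and sample file names are assumptions chosen for illustration.

```python
import tempfile
from pathlib import Path

# Mach-O magic numbers: 32/64-bit in both byte orders, plus universal (fat).
MACHO = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
         b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")
DOC_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".txt"}      # assumed lure extensions
EXEC_EXTS = {".exe", ".scr", ".com", ".app", ".command"}  # assumed launchable ones

def sniff(head):
    """Classify content by its leading bytes, ignoring the file name."""
    if head.startswith(MACHO):
        return "Mach-O"
    if head.startswith(b"MZ"):
        return "Windows PE"
    return "PDF" if b"%PDF-" in head else "other"

def audit(path):
    """Return the reasons a file's name and content disagree (empty if none)."""
    path = Path(path)
    ext, inner = path.suffix.lower(), Path(path.stem).suffix.lower()
    with path.open("rb") as fh:
        kind = sniff(fh.read(1024))
    reasons = []
    if inner in DOC_EXTS and ext in EXEC_EXTS:
        reasons.append(f"double extension {inner}{ext}")
    if kind in ("Mach-O", "Windows PE"):
        if ext in DOC_EXTS:
            reasons.append(f"{kind} content behind {ext} name")
        elif not ext:
            reasons.append(f"{kind} content with no extension")
    return reasons

def demo():
    samples = {  # constructed, inert files: magic bytes plus zero padding
        "report.pdf": b"%PDF-1.4\n% constructed benign document\n",
        "invoice.pdf.exe": b"MZ" + b"\x00" * 62,
        "article.pdf": b"\xca\xfe\xba\xbe" + b"\x00" * 28,
        "article": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            sample = Path(tmp, name)
            sample.write_bytes(data)
            results[name] = audit(sample)
    return results

if __name__ == "__main__":
    print(demo())
```

Extensionless Mach-O binaries are normal in system paths and 0xCAFEBABE is shared with Java class files, so the check is meant for download and mail-attachment folders rather than the whole disk. It does not inspect the resource fork where the article says a custom icon may be stored.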