A New Mac OS X Malware Discovered

Now, before all you Mac fans start beating your chests and repeating the pointless mantra that Macs don’t get viruses or trojans, let me calm you down by letting you know that this new malware, while targeted directly at Macs, has not been seen out in the wild.

The warning comes from security firm Intego, a company that specializes in Mac-related software. They say this new malware is a variant of the Imuler.C trojan, and it works by playing on a default behavior on Macs where file extensions are not shown.

The trojan works by trying to convince the user that the file they have downloaded and are about to open is an image file, when in fact it is a zip archive named “Pictures and Article of Renzin Dorjee.zip” or “FHM Feb Cover Girl Irina Shayk H-Res Pics.zip”.

From Intego’s post on the malware:

The malware installs a backdoor at /tmp/.mdworker, along with other files in this directory. A process called .mdworker then launches; the mdworker process (note the absence of the . before the name) is a process used by Spotlight to index files.

A launchagent file is also installed at ~/library/LaunchAgents/checkvir.plist, along with an executable in the same folder, ensuring that the malware launches when the user logs into his or her Mac, or starts it up. After a restart, the .mdworker process is deleted, and the checkvir executable launches.

via Intego

Once that is done, the malware searches for user data, which it then tries to upload to a server. The malware will also take screenshots of the desktop and upload those as well.
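
The files and the process named in the Intego quote above can be checked for directly. The shell script below is an added example, not code from Intego or from this post; the function names, the `--live` switch and the root/home arguments (so a mounted disk image can be checked as well as the running system) are assumptions.

```shell
#!/bin/sh
# Added example (not Intego's code): checks for the artifacts in the quote.
# ROOT/HOME arguments are assumptions so a mounted image can be checked too.

# Print each file from the Intego description that exists on disk.
list_imuler_files() {
    root="$1"; home="$2"
    # Backdoor in /tmp; the leading dot hides it from a plain `ls`.
    if [ -e "$root/tmp/.mdworker" ]; then
        echo "$root/tmp/.mdworker"
    fi
    # The quote writes "library"; macOS names the folder "Library". -iname
    # accepts either without double-reporting on a case-insensitive volume.
    find "$home" -mindepth 1 -maxdepth 1 -type d -iname library 2>/dev/null |
    while IFS= read -r lib; do
        for name in checkvir.plist checkvir; do
            if [ -e "$lib/LaunchAgents/$name" ]; then
                echo "$lib/LaunchAgents/$name"
            fi
        done
    done
}

# Filter `ps -axo comm` output (stdin) for a process named exactly
# ".mdworker"; Spotlight's real indexer is "mdworker", with no dot.
match_dot_mdworker() {
    awk -F/ '$NF == ".mdworker"'
}

# Print findings and return 1 if any artifact or impostor process exists.
scan_imuler() {
    hits=$(list_imuler_files "$1" "$2"; ps -axo comm | match_dot_mdworker)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/Imuler artifact: /'
        return 1
    fi
    echo "No Imuler artifacts found"
}

# Live check: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    scan_imuler "" "$HOME"
fi
```

Because the quote says the .mdworker process is deleted after a restart, the LaunchAgents entries are the more durable thing to look for.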

As I said at the start – this beastie hasn’t been seen in the wild yet, and Intego considers it to be a low-risk piece of malware at this point.

via Redmond Pie