[+] Wayc0de's Blog[+]

23/09/11

Researchers find Mac OS X malware posing as PDF file

Summary: The malware installs a backdoor that contacts a remote server for instructions and can be used to steal files or capture a screenshot of the infected computer system.


Researchers at F-Secure have discovered a Mac OS X malware file masquerading as a PDF file to lure users into installing a backdoor trojan.

The malware, flagged as a trojan dropper, installs downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.

According to F-Secure, the PDF file contains Chinese-language text related to political issues, which some users may find offensive.

The use of a PDF file as a social engineering gimmick is widely used by malicious hackers on the Windows platform and F-Secure’s research team believes this is an attempt to copy the trick of opening a PDF file containing a “.pdf.exe” extension and an accompanying PDF icon.
 
“”The sample on our hand does not have an extension or an icon yet. However, there is another possibility. It is slightly different in Mac, where the icon is stored in a separate fork that is not readily visible in the OS. The extension and icon could have been lost when the sample was submitted to us. If this is the case, this malware might be even stealthier than in Windows because the sample can use any extension it desires,” the company said.


Once installed, the trojan dropper installs a backdoor program that gives a hacker full control of the infected Mac OS X machine.

The backdoor typically contacts a remote server for instructions and can be used to steal files or capture a screenshot of the infected computer system, which is then forwarded to the remote server.

F-Secure reports that the command-and-control of the malware is just a bare Apache installation that is not yet capable of communicating with the backdoor.

nb : zdnet

Tidak ada komentar:

Posting Komentar