A new trojan has been released targeting the Macintosh Chinese-language user community. The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands.
When the user opens the “PDF” file, it attempts to mask the installation of a malicious payload by opening an actual PDF document that directs the user’s attention to the story. As our friends at Sophos note, while the user is focused on the article, the malware completes installation of a payload designed to give the attacker remote access to the victim’s computer.
EDIT: The following image is a blurred copy of the actual content of the PDF file
This type of PDF exploit is common on Windows where it is often seen as .pdf.exe double-extension files. However, this type of attack is new to the Mac platform and reminds Mac users that they should be aware that files appearing to be PDFs may not be what they seem.
Best practices to reduce the risk of infection are to:
ESET Cybersecurity for Mac detects these threats as OSX/Revir.A Trojan and OSX/Imuler.A Trojan.
Author ESET Research, ESET