A new type of malware affects users of the Mac OS X operating system

Although Mac OS X is regarded as one of the operating systems whose users do not have to worry about viruses, malware is making its way onto Apple's platform. Representatives of F-Secure and Sophos have discovered a new type of malware, a generic Trojan dropper, which tries to steal users' personal information. The Trojan is disguised as a PDF file that displays text written in Chinese; once opened, it downloads a backdoor program from the Internet that keeps the Mac "open" to the hacker and allows information to be sent to them.

This Trojan downloader is the initial phase of the attack, and is a program that when run will install a backdoor utility called "BackDoor:OSX/Imuler.A" onto the system. The downloader will also download and continuously open a Chinese PDF document (aptly named "trojan.pdf") that contains offensive political statements, which apparently is an attempt to distract the user and disguise the installation of the backdoor malware. When the backdoor is installed, it will set up a launch agent on the system that is used to continuously keep the malware active on the system. It will then connect to a remote server and send the system's current username and MAC address to the server, after which the server will instruct it to either archive files and upload them, or take screenshots and upload them to the server.

After installing the backdoor, the hacker can archive and upload files from your Mac or take screenshots of all the screens you open, which in practice gives them access to "sensitive", personal information. Of course, this Trojan must first be run by a user with administrator access, otherwise it won't work, so you're safe as long as you don't run unknown applications on your Mac. The ironic thing is that this type of malware works with the help of a PDF file, just like the jailbreak solutions, and this shows how much work Apple still has to do on security for this type of document.

The good part is that the Trojan is not built properly and works irregularly. F-Secure claims that it could be in the testing phase now, but in the future it could become much stronger. My advice is not to install anything unknown on your Mac, and if a file showing Chinese characters opens out of the blue, go to the folder /username/Library/LaunchAgents/ on your Mac and delete the file/folder named checkvir after you end its process in Activity Monitor.
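To check for the launch agent described above before deleting anything, the following added example (not code from the original article, F-Secure or Sophos) scans a LaunchAgents folder for entries that reference the name checkvir and reports whether the job is set to start automatically. The function names, the substring match on "checkvir" and the sample plists are assumptions constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

INDICATOR = "checkvir"  # name given in the article; substring matching is an assumption

def scan_launch_agents(directory, indicator=INDICATOR):
    """Return findings for LaunchAgents entries that reference the indicator."""
    findings = []
    for entry in sorted(Path(directory).iterdir()):
        reasons, job = [], {}
        if indicator in entry.name.lower():
            reasons.append("name matches indicator")
        if entry.is_file() and entry.suffix == ".plist":
            try:
                with entry.open("rb") as fh:
                    loaded = plistlib.load(fh)  # accepts XML and binary plists
                job = loaded if isinstance(loaded, dict) else {}
            except Exception:  # damaged or non-plist content: report it, keep scanning
                reasons.append("plist could not be parsed")
            # launchd starts Program, or ProgramArguments[0] when Program is absent
            args = job.get("ProgramArguments")
            command = [job.get("Program", "")] + (args if isinstance(args, list) else [])
            haystack = " ".join(map(str, command + [job.get("Label", "")])).lower()
            if indicator in haystack:
                reasons.append("label or command references indicator")
        if reasons:
            # RunAtLoad / KeepAlive are the launchd keys that keep a job running
            persistent = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
            findings.append({"path": str(entry), "reasons": reasons, "persistent": persistent})
    return findings

def build_sample_dir(root):
    """Write constructed sample agents (not real malware artefacts) into root."""
    root = Path(root)
    benign = {"Label": "com.example.updater", "Program": "/usr/bin/true"}
    suspect = {"Label": "com.example.agent", "RunAtLoad": True,
               "ProgramArguments": [str(root / "checkvir")]}
    (root / "com.example.updater.plist").write_bytes(plistlib.dumps(benign))
    (root / "com.example.agent.plist").write_bytes(plistlib.dumps(suspect, fmt=plistlib.FMT_BINARY))
    (root / "checkvir").write_bytes(b"constructed placeholder")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_launch_agents(build_sample_dir(tmp)):
            print(finding)
```

On a Mac, point `scan_launch_agents` at the per-user folder with `Path.home() / "Library" / "LaunchAgents"` and review each finding before removing it.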