The Trojan dropper affects only OS X Snow Leopard and Lion users and, according to Intego, is low risk because the “malware has not yet been found in the wild”.
The malware is built to survive reboots, so it must be removed completely from affected Macs. If given root permission, the Trojan will also hide itself using a rootkit.
Whether it is given permission or not, “it creates a number of files and folders to complete its task; 17 files when it’s run with root access, 14 files when it’s run without,” an Intego blog post confirms.
The executed standalone files could be Trojans, worms or backdoor malware threats and are saved to a folder on the affected computer.
Intego believes the following files are installed on affected Macs:
With or without root access, this file is installed:
Only with root access, these files are installed:
While common on Windows, the type of Trojan discovered is rare in OS X malware and represents another Mac threat found this year. Earlier this year, Apple users defended themselves against the Java-based Flashback Trojan and the SabPub backdoor malware, which attacked Java vulnerabilities and Microsoft Word documents.