OS X trojan spotted in the wild
June 20th 2008
SecureMac has announced they have discovered multiple variants of a Trojan horse in the wild that affects Mac OS X 10.4 and 10.5, which is being distributed from a hacker website.
The Trojan horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.
Hackers have discussed methods of distributing this malware, either a compiled AppleScript, called ASthtv05 (60 KB in size) or as an application bundle called AStht_v06 (3.1 MB in size), via iChat and Limewire.
SecureMac's MacScan 2.5.2 can be used to detect and remove this trojan.
Editor's note: Yes, it's a trojan, so it requires the victim to run it. It's not a self-propagating virus.
It's not hard to imagine that this malware will snag a few foolish people. Forewarned is forearmed...
Props to Macworld