Newly-discovered Mac OS X Trojan claims ties with Syrian Electronic Army

While Apple’s OS X is generally considered a fair bit safer than Windows as far as desktop operating systems go, OS X still has quite a bit of malware made specifically for it. Security company Intego recently found a new one, called OSX/Leverage.A. According to the firm, the malware is a targeted command-and-control Trojan horse. What’s interesting about this malware, however, is that it seemingly has ties with hacker group Syrian Electronic Army. Don’t worry, though. Apple quickly discovered it and gave OS X protection software XProtect an update that lets it detect and quarantine OSX/Leverage.A.

According to Intego, the Trojan was distributed as an application that fooled users into thinking that it was a picture of two people kissing. When the “picture” is opened, the Trojan attempts to install itself in the background while showing users an embedded version of the image in Preview. The Trojan also has a few modifications that prevent it from showing up in the user’s Dock or the Command-Tab application list.

The picture downloaded by the Trojan

Once it’s up and running, the Trojan runs a bunch of commands, such as the typical malware command-and-control stuff like stealing information and uploading it to a remote server. Interestingly, however, the Trojan also downloads an image typically associated with the Syrian Electronic Army. Mashable contacted the hacker group, who claimed that it was not responsible or associated with the Trojan.

If XProtect doesn’t seem secure enough for you, OS X’s Gatekeeper will also issue a warning when the program is being downloaded because it is not a signed package. Users can also set up some Launch Agent monitor scripts that alerts them if this, and a lot of other malware, is being installed.