PDF Trojan for Mac Is Reappearing Again

We have received some reports from Mac users of PDF files loading a Trojan and infecting their computers.  The OSX/Revir-B Trojan has been around for quite a while.  People are still opening unsolicited PDF files and catching infections.


There are variations as what is displayed in the PDF, but one of the common ones is a Chinese PDF talking about the Senkaku Islands.  Since both Japan and China lay claim to the ownership of these islands, both Chinese and Japanese Mac owners may be tempted to open the PDF to take part in the argument.

There are reports of successful infections with a Trojan running in the background.  There are also some reports of errors when the PDF is opened.  This Trojan could be mutating or there are some enterprising hackers modifying the old code in an attempt to bypass antivirus programs.  There could also be some mistakes in their coding.

This “PDF” is not actually a PDF, but it is an executable program that is masquerading as a PDF.  The executable installs the Trojan and then displays a “PDF” file.

We have warned before about making sure you are protected with the latest antivirus and antimalware programs with up to date definitions.  Also, do not open up unsolicited PDF files, no matter how big the temptation.

Trojan Horse via flickr by ccarlstead

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>