Apple has remotely updated the Xprotect anti-malware mechanism on OS X computers blocking a new Mac Trojan (OSX/Leverage.A) that creates a backdoor on infected machines.
Found on VirusTotal and sent in by a user in Belarus, the Trojan’s Command and Control (C&C) server was down at the time Intego was reporting on the discovery of the malware.
The Mac security expert noted at the time, “This appears to be a targeted attack, though the method of delivery is not yet known. So, while this has been affecting users in the wild, the overall threat level appears to be low.”
The Trojan disguises itself as a picture, but the .app file-extension (not visible by default) is dead giveaway that it’s actually more than just a photo.
When double clicked, the image does open in Preview but at the same time it also installs the Trojan on the user’s Mac. So far, no successful attacks have been reported.