Monday, September 26, 2011, 03:38 pm

Apple erases emerging Mac OS X trojan via malware definition update

By Daniel Eran Dilger

Chinese malware targeting Mac users wasn't actually functional, but Apple has squashed the exploit anyway by delivering a malware definition update that flags the Trojan Horse as being malicious when users try to open it.

New malicious software reported by CNET this week has been added to Mac OS X's internal blacklist of known malware, erasing the threat even before its authors were able to get it to the point of actually functioning.

The described "Trojan-Dropper:OSX/Revir.A" was not yet functional, according to security software vendor F-Secure.

However, a report by MacRumors confirms that Apple has already distributed a new definition, which lets the operating system identify and warn users before they attempt to open it.


Apple only recently debuted the new malware definition feature in Mac OS X, and has since distributed definitions flagging new threats such as "MacDefender," a phony anti-virus program.

Macs running Snow Leopard or Lion now check for new malware definitions daily, allowing Apple to quickly deploy protection from threats before they have a chance to spread.

Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users to install software that pretends to be legitimate. Apple's Mac App Store enables users to find and install apps without risking an inadvertent malware infection.

Apple's iOS platform is even more secure, requiring users to obtain all their software from the App Store while also setting up app-level security boundaries that prevent apps from touching users' documents (or other apps).

Apple plans to incorporate more App Store-style security for users in iCloud, which similarly segregates apps and their data, preventing rogue malware from accessing, erasing or modifying users' files in the cloud.