Revir malware for OS X undergoes revision

Not unexpectedly, a new variant has been found of the Revir Trojan for OS X, which was first detected a week or two ago.

Topher Kessler MacFixIt Editor

Recently a new PDF-based malware threat for OS X was discovered that displays a Chinese PDF file while it installs and runs its malicious code in the background. While the initial version of this malware (OSX/Revir.A) was detected over a week ago, the criminals developing the code are busy revising and refining it, and over the weekend a variant has been identified (OSX/Revir.B). As with all malware, new versions of these threats are likely to surface in the future, and as they do, expect malware detection utilities (including Apple's XProtect) to follow close behind and label them alphabetically as they appear.

Sophos definitions page
Malware detection company Sophos details a revision to the Revir Trojan that was found a couple of weeks ago.

The Revir malware is one of two recent malicious programs developed for OS X that install background programs that try to steal personal information and send it to remote servers when run. This may sound scary, but in reality these threats are not widespread by any means, and can mainly be avoided by not running programs unless you have purposefully downloaded them from a reputable download location. As a result, the danger is minimal for OS X users, and can be lumped in with the plethora of scams that are attempted each day on PC users via e-mail, malicious Web sites, malware, and other means of trying to lure people into traps.

When looking at the prevalence of malware on OS X, in the past five days there have been about 135 detected malware revisions for computer systems (Trojans, worms, viruses). Of these, for Windows systems about 12 are brand-new malware threats and 120 are revised ones. The remaining three are for OS X, with two of them being revisions and one being new. That's just over 2 percent of the malware in the past week, and many weeks there are no new threats for OS X.

Despite the low prevalence of malware and the minimal threat posed to OS X users, you can still protect yourself further by installing a malware scanner such as Sophos, VirusBarrier, Avast, Kaspersky, iAntiVirus, or ClamXav. In addition, you can disable the automatic opening of downloaded files by Safari and other Internet browsers and utilities, and instead scan them before opening them yourself (consolidating all downloads to a single "Downloads" folder and scanning it regularly may facilitate this process). Currently, the use of malware scanners is more of a benefit for Windows PCs that your Mac may interact with, including virtual machines you may use, but keeping one installed and regularly updated will help as more Mac malware begins to show up.
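The advice above to check downloads before opening them can be partly automated. The following is an added example, not code from the article or from any of the scanners it names: it flags files in a folder whose leading bytes contradict their extension and records a SHA-256 for follow-up. The function names, the magic-byte table and the extension list are assumptions, and the article does not describe Revir's file format, so this is a general pre-open check rather than a Revir detector.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading "magic" bytes: Mach-O 64-bit, Mach-O 32-bit, universal binary, script.
EXEC_MAGIC = (b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"#!")
DOC_EXTS = {".pdf", ".doc", ".rtf", ".txt", ".jpg", ".png"}  # assumed list

def sniff(head):
    if head.startswith(b"%PDF-"):
        return "pdf"
    return "executable" if head.startswith(EXEC_MAGIC) else "other"

def sha256_of(path):
    """Hash in 1 MiB chunks so large downloads are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(folder):
    """Return a record for each file whose content contradicts its extension."""
    findings = []
    for path in sorted(Path(folder).iterdir()):
        if path.is_symlink() or not path.is_file():
            continue
        with path.open("rb") as fh:
            kind = sniff(fh.read(8))
        ext = path.suffix.lower()
        if kind == "executable" and ext in DOC_EXTS:
            reason = "executable content behind a document extension"
        elif ext == ".pdf" and kind != "pdf":
            reason = "named .pdf but does not start with %PDF-"
        else:
            continue
        findings.append({"name": path.name, "kind": kind,
                         "reason": reason, "sha256": sha256_of(path)})
    return findings

def demo():
    """Run triage over constructed sample files (not real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"report.pdf": b"%PDF-1.4\n% constructed\n",
                   "invoice.pdf": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
                   "scan.pdf": b"<html>constructed</html>",
                   "notes.txt": b"plain text\n"}
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return triage(tmp)
```

Call `triage(Path.home() / "Downloads")` before opening new files; it complements a malware scanner and does not replace one.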
