SecureMac and Intego claim to have discovered several variants of a Trojan horse in the wild targeted at users of Mac OS X 10.4 and 10.5. The Trojan is being distributed from a hacker Web site through iChat and Limewire, the company said.
Distributed as a compiled AppleScript called ASthtv05 or as an application, the Trojan allows remote access to the system and can transmit system and user passwords. SecureMac also said the Trojan is also capable of logging keystrokes and turning on file sharing.
The Trojan takes advantage of a vulnerability with Apple Remote Desktop that allows it to run as root. You must download and open the infected file for the Trojan to become active, but once it is active, it will add itself to the System login items.
SecureMac said its product,
MacScan, has been updated to remove the Trojan. Intego has also updated its software VirusBarrier to handle the threat.
Updated: This story has been updated, adding Intego’s role in discovering the Trojan.