SecureMac, a security vendor has discovered a series of Trojan, which are dangerous enough to hijack a Mac OS X 10.4 and 10.5 remotely. Currently the Trojan is distributed from a hacker website. This website was also used for discussion on distributing the Trojan horse through iChat and Limewire, says SecureMac.
The Trojan horse is more dangerous as it runs secretly on the systems and offers a complete remote access of the system to hijacker. Further it can transmit system and users’ passwords to malicious user. All this happens without any detection by opening ports in the firewall and turning off system logging.
Further, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. Also the Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, allowing it to run as root.
The Trojan is distributed either as a compiled AppleScript, called ASthtv05 (60 KB in size), or as AStht_v06 (3.1 MB in size), an application bundle. Mac users should be careful while downloading and installing the files as the Trojan horse has to be downloaded and opened for systems to be infected.
Once the Trojan horse is running, it would move itself into the /Library/Caches/ folder, and also add itself to the System Login Items.