New Version of Imuler Trojan Masquerades as Image Files
From The Mac Security Blog:
Intego has discovered a new version of the Imuler Trojan horse, which the company first discovered in September, 2011. At the time, the sample discovered masqueraded as a PDF file containing Chinese text. This was not found in the wild, and the risk was considered to be low.
The latest version, Imuler.C, has been found to be disguised as image files. Intego found two samples of this malware on the VirusTotal website, a site used by security companies to share malware samples. Two samples were found, both in zip archives: "Pictures and the Ariticle of Renzin Dorjee.zip" and "FHM Feb Cover Girl Irina Shayk H-Res Pics.zip." In both cases, an application was included among the various files, with an icon making it look like an image: [Screenshot]
This technique is not new, and takes advantage of a default setting in the Mac OS X Finder, whereby file extensions are not displayed. Users double-clicking on the application launch the malware, which quickly deletes itself, replacing the original application with a real JPEG image corresponding to the one that was an application, and displays this image in the user's default image viewer. There is no visible trace of the application after this point.
Continued : http://blog.intego.com/new-version-of-imuler-trojan-horse-masquerades-as-image-files/
From F-Secure: Mac Malware at the Moment