OSX/LaoShu-A: Digitally signed Mac malware with little to no warning from Apple's inbuilt protection

Paul Ducklin writes on the Naked Security blog:

Our colleagues at SophosLabs pointed us at an interesting item of malware the other day, namely a data-stealing Trojan aimed at Mac users.

 

OS X does try to advise you that you aren't opening a document, although you can argue that the warning would be more compelling if it explicitly said that you were about to "run a software program", rather than merely to "open" the file.

 

Note that you don't get a warning about the App being from an "unknown developer" because it is digitally signed, something that happens surprisingly often with modern malware.

 

LaoShu-A as good as hands control of your Mac over to the attackers, but its primary functions appear to be more closely associated with data stealing than with co-opting you into a traditional money-making botnet.

Read the full blog post:

http://nakedsecurity.sophos.com/2014/01/21/data-stealing-malware-targets-mac-users-in-undelivered-courier-item-attack/
