SecureMac Documents Mac OS X Trojan Horse

SecureMac has posted an advisory about a Mac OS X Trojan Horse that exploits a vulnerability in the Apple Remote Desktop Agent and allows the malware to run as root. The vulnerability is rated critical.

The Trojan Horse runs hidden on the system and allows a malicious user complete remote access to the system. It can transmit system and user passwords and can avoid detection by opening ports in the firewall and turning off system logging. It can also do unwanted things like take pictures, take screenshots and turn on file sharing.

"The Trojan is distributed as either a compiled AppleScript, called ASthtv05 (60 KB in size), or as an application bundle called AStht_v06 (3.1 MB in size). The user must download and open the Trojan horse in order to become infected," according to Nicholas Raba at SecureMac.

The vulnerability is rated "Critical" and applies to OS X Tiger and OS X Leopard.

Regarding a remedy, Mr. Raba told TMO that MacScan 2.5.2 with the Definitions Update 2008011 will deal with the Trojan Horse if the user feels that they need an immediate solution. Other companies that supply anti-virus and security products will likely be providing updates soon, and Mac users should contact their favorite vendor for details.

The vulnerability has been reported to other more general tracking sites such as

Intego, which first reported the vulnerability on Thursday, also posted an alert with suggestions for blocking the Trojan Horse.