Security vendor Intego discovered the latest malware masquerading as a program for Mac OS X called "PokerGame." The application is a script wrapped in an executable bundle that's distributed by e-mail as a Zip file.
When opened, the "PokerStealer Trojan" asks the victim for his administrator's password. If it's given, the program then opens a secure shell, or SSH, on the Mac to establish communications with a remote server, Intego said. SSH is a network protocol that allows data to be exchanged using a secure channel between two computers.
Once communications between the infected computer and server have been established, the Trojan sends the user name and password, along with the IP address of the Mac. After gaining access to the computer, hackers can attempt to take control of them, delete files, damage the operating system, or perform other tasks.
Intego first reported the Trojan on Friday, a day after security vendor SecureMac reported finding multiple variants of a Trojan also capable of letting a hacker remotely commandeer a Mac.
The malicious code was being distributed from a hacker Web site, where there had been discussions on distributing the Trojan through iChat and LimeWire, said SecureMac, which gave the Trojan a "critical" security rating. The program can infect Mac OS X 10.4 and 10.5 machines.
A Trojan is a program that appears legitimate, but performs illicit activity when it is run, such as stealing passwords, making the system more vulnerable to future entry, or simply destroying programs or data on the hard disk. LimeWire is a popular peer-to-peer file-sharing program, and iChat is Apple's instant messaging client.