A piece of Mac malware, "OSX/Imuler-B", uses pictures of supermodel Irina Shayk to lure users into running it. Because Mac OS X doesn't display file extensions by default, Mac users might be duped into believing that the file they are about to click on is a JPG image rather than the Trojan.
Once the user clicks the file, the Trojan quickly launches, then deletes itself from the current folder and creates a genuine JPG image of the Russian model in its place.
At the same time, the malware opens a backdoor that allows an attacker to gain access to your private information.
Sophos researchers advise Mac users to change the OS settings so that filename extensions are always shown. Up-to-date anti-virus software, including Sophos's free Mac anti-virus for home users, can protect you against the threat.
The researchers also provide a guide to removing this malware manually:
- First of all, terminate the process named ".mdworker".
- Go to the /tmp/ directory and remove the two files ".mdworker" and "CurlUpload".
- You then need to delete the files "checkvir" and "checkvir.plist" from $HOME/Library/LaunchAgents/.
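Before deleting anything, it helps to confirm which of these artifacts are actually present. The script below is an added example, not part of the Sophos guide: it reports the process and the four files named in the steps above. The function names, the `--scan` switch and the optional directory arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only check for the OSX/Imuler-B artifacts listed in
# the manual removal steps. It reports findings and deletes nothing.

# Print every artifact file that exists. Both directories can be overridden
# (hypothetical parameters) so the check can be pointed at a mounted backup.
imuler_files() {
    tmp_dir=${1:-/tmp}
    agents_dir=${2:-"$HOME/Library/LaunchAgents"}
    for f in "$tmp_dir/.mdworker" "$tmp_dir/CurlUpload" \
             "$agents_dir/checkvir" "$agents_dir/checkvir.plist"; do
        # -L also catches a dangling symlink left at one of these paths.
        if [ -e "$f" ] || [ -L "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print PIDs of processes named exactly ".mdworker". The dot is escaped
# because pgrep treats the pattern as a regular expression, and -x forces a
# whole-name match, so the legitimate Spotlight process "mdworker" (no
# leading dot) is not reported.
imuler_pids() {
    command -v pgrep >/dev/null 2>&1 || return 0
    pgrep -x '\.mdworker' || true
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--scan" ]; then
    echo "Files:";     imuler_files
    echo "Processes:"; imuler_pids
fi
```

Empty output under both headings means none of the listed artifacts were found; any reported PID or path corresponds directly to one of the removal steps.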