Mac OS security company Intego has issued a warning about MACHARENA proof-of-concept virus, which has not yet been seen in the wild, was published on a hacker Web site. The virus can only infect Intel-based OS X computers. It consists of a C source file, an Assembler ‘dropper’ file, and documentation that explains how to create a virus that can infect Macintosh OS X binary files.
Compiling the source code creates two binaries, the OS X virus file itself, and the dropper. The dropper is intended to infect Mac OS X binary files from a Windows installation on the current machine. This can be either via Apple’s Boot Camp, or via a virtualization application such as Parallels Desktop for Mac.
The virus only infects mach-o binary files, not Universal or PowerPC binaries.
Mach-o (Mach object file format) is the native file format used for executables by Mac OS X’s Mach kernel. The virus does not carry a payload. When run it infects other executables in the current directory, regardless of their name or extension.