The Imuler.C trojan has affected many Macs till now. It gets user data and Various screenshots and tries to upload them to a server.
This trojan tries to convince users them that the file they’ve downloaded is just an image. The trojan horse operates using .zip archives named “Pictures and the Ariticle of Renzin Dorjee.zip” and “FHM Feb Cover Girl Irina Shayk H-Res Pics.zip”.
At a Mac Security company’s blog, you may read how it works:
The malware installs a backdoor at /tmp/.mdworker, and a process called .mdworker then launches. A launchagent file is also installed at ~/library/LaunchAgents/checkvir.plist, along with an executable in the same folder, ensuring that the malware launches when the user logs into his or her Mac.
What can you do to prevent it?
Enable the “Show all Extensions” feature to see if what you downloaded is a real or fake file. Also, you can check if a suspicious file is a virus or not at VirusTotal.