The malware, known as Crisis and Morcut, arrived via a file named "AdobeFlashPlayer.jar." The "jar" in this case refers to "Java archive" and are just a ZIP file by another name, according to Sophos. In this case, opening the file will unleash a .class file named WebEnhancer, and "two unassuming-looking files named win and mac." The "mac" is an installer for Crisis or Morcut
[More from Mashable: Mountain Lion Arrives Today and Two Other Stories You Need to Know]
However, the good news is that the WebEnhancer applet will trigger the digital signature alert below:
[More from Mashable: Apple OS X Mountain Lion Goes on Sale Tomorrow]
The researcher warns, though, that the malware doesn't necessarily have to be delivered via a ".jar" file -- that's just the way it came about in this case. If you do download Morcut/Crisis, then beware. According to Sophos, "Morcut has kernel driver components to help it hide, a backdoor component which opens up your Mac to others on your network, a command-and-control component so it can accept remote instructions and adapt its behaviour, data stealing code, and more."
Sophos warns Mac users not to assume that they're safe from malware attacks. Indeed, such threats have been on the rise as the platform has grown in popularity. Another piece of advice is to uninstall Java if you don't need it. "That leaves one less convenience for malware writers."
Have you run across WebEnhancer? Let us know in the comments.
This story originally published on Mashable here.