Trend Micro has flagged this malware as noteworthy due to the increased potential for damage, propagation, or both, that it possesses.
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
This malware may be downloaded unknowingly by a user when visiting malicious Web sites. The said Web site encourages users to download a codec needed to play a video on the said site.
It arrives as a .DMG file that contains an installer package. The said installer package contains component files and malicious scripts. These malicious scripts are detected by Trend Micro as UNIX_JAHLAV.D.
It displays the following user interface upon execution:
While this malware is supposedly installing an application, it executes UNIX_JAHLAV.D in the background. As a result, routines of the executed scripts are exhibited on the affected system.