Threat Researcher

June 24, 2008

PokerStealer Another OSX Trojan

A day after SecureMac discovered AppleScript.THT, Intego released its security advisory discovering another trojan named OSX.Trojan.PokerStealer.

Let’s take a closer look …

When PokerGame.app is opened or executed, it displays a message box asking for the root password.

If the root password supplied is wrong, it displays an error message box instead.

In the background, it connects to a remote server and reports the infected user's IP address.

Furthermore, it collects user information such as the username, password hashes and IP address, logs it to a file named “secret_file”, then reads that gathered information back and sends it out by email.

It also enables SSH so that a remote connection can be made later.
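The two host-side indicators the write-up gives a defender to look for are a dropped file literally named "secret_file" and Remote Login (sshd) switched on without the user's knowledge. The following triage helper is an added example, not code from the original post or from Intego; it assumes the file name is exactly "secret_file", that sshd shows up in `launchctl list` under the label com.openssh.sshd (true on macOS, where the system-domain listing needs sudo), and it does not try to identify the remote server or mail path, which the post does not name.

```shell
#!/bin/sh
# Added triage helper (not from the original post). Assumptions: the artifact
# is a file named exactly "secret_file", and an enabled Remote Login shows
# sshd under the launchd label com.openssh.sshd.

# Scan a directory tree for the dropped artifact name. Returns 0 if found.
find_secret_file() {
    dir="$1"
    find "$dir" -type f -name 'secret_file' 2>/dev/null | grep -q .
}

# Given the text of `launchctl list`, report whether sshd is loaded.
# Returns 0 when the com.openssh.sshd label is present.
sshd_loaded() {
    printf '%s\n' "$1" | grep -q 'com.openssh.sshd'
}

# Live triage on a Mac: run both checks and print any findings.
# Exit status is 1 if anything suspicious was seen, 0 otherwise.
triage() {
    root="${1:-$HOME}"
    rc=0
    if find_secret_file "$root"; then
        echo "WARNING: 'secret_file' present under $root; inspect and compare with the user's expectations"
        rc=1
    fi
    # The system launchd domain is only visible to root, hence sudo.
    if sshd_loaded "$(sudo launchctl list 2>/dev/null)"; then
        echo "NOTE: sshd is loaded (Remote Login is on); confirm this was enabled intentionally"
        rc=1
    fi
    return $rc
}

# Run the live checks only when explicitly asked, e.g.:
#   sh triage.sh --run /Users
[ "${1:-}" = "--run" ] && triage "$2"
```

Sourcing the file in a shell and calling `triage /Users` scans every home directory; a clean machine prints nothing and exits 0. Neither check proves infection on its own: a user may have enabled Remote Login deliberately, so the SSH finding is a prompt to confirm, not a verdict.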
