Dubbed Komplex, the Trojan has been linked to a group of Bad Guys variously known as Sofacy, APT28, Pawn Storm, Fancy Bear and Sednit.
Palo Alto's analysis led it to the conclusion that Komplex was part of an attack spotted last year by BAE Systems that relied in part on a vulnerability in the poorly regarded MacKeeper security and utility package.
Mac owners are commonly advised to avoid MacKeeper and to uninstall it if they have allowed the software onto their systems. If you have installed MacKeeper and want to be rid of it, Malwarebytes Anti-Malware for Mac is often recommended.
Palo Alto believes Sofacy has been using Komplex to target individuals in the aerospace industry.
It is being spread as an email attachment. When opened, the victim sees a PDF document (opened in Preview) about the Russian space programme.
Behind the scenes, the malware connects to a command and control network that has been linked to Sofacy. It delivers information about the infected system (operating system version, user name, etc.) and is capable of deleting files, executing arbitrary commands and downloading additional malware.
Komplex is said to be similar to the Carberp malware affecting Windows.
Komplex executables are detected by Palo Alto's WildFire product, and the company has released an IPS signature to detect and block associated command and control requests.
Other security vendors may also offer protection, but the Komplex name does not appear to be widely used at this time.