Trojan-Dropper: OSX/Revir.A may be copying Windows malware, which opens a PDF file containing a pdf.exe extension and an accompanying PDF icon. F-Secure said the Trojan drops its files into the tmp directory because the malware is not meant to be permanent. The Trojan is avoiding the need for users running under a Standard account to be authenticated with an Admin account just to be able to infect the system, researcher says.”]
Source: https://krebsonsecurity.com/2011/09/inside-a-modern-mac-trojan/