New Mac malware found in the wild has been linked to the Syrian Electronic Army, but the mysterious hacker group is denying any involvement in making, or spreading, the trojan.

On Tuesday, a researcher at security firm Intego revealed in a blog post that a new Mac trojan virus that disguises itself as a picture of a kissing couple was found by a user in Belarus.

The malware was probably part of a targeted attack, and thus low-risk for most users, according to Intego's Lysa Myers.

However, the trojan was designed to trick users into clicking on a seemingly innocuous image. Then it would install a permanent backdoor in the computer that would allow the hackers behind it to surreptitiously control the computer and steal his or her data.

The malware would also download a picture of the Syrian Electronic Army logo onto the computer, which made researchers suspect the pro-Assad hackers might be behind it.

Moreover, according to security researcher Ken Westin, a trojan like this is similar to what the Syrian hackers used in their phishing attacks against The New York Times, Outbrain, and The Washington Post.

"That's what they're after, trying to get these trojans to run on people's computers, steal credentials from their accounts and from there that's where they can do a lot more damage," Westin told Mashable.

But the hackers, contacted by Mashable, denied having anything to do with this virus.

"As we said before, no, it's not associated with us," they said via email.

So who's behind this attack? And why would they make the virus download a logo of the Syrian Electronic Army?

For Westin, there are two options as to why the logo is in the malware: either the hackers are doing it for "propaganda," and it really is the Syrian Electronic Army behind it; or whoever is behind the malware is trying to cover his or her tracks by pointing toward the SEA.

In that case, the logo would be a simple false flag, which is plausible — it happens with this kind of attack, in which it's hard to find the real culprit. The best way to hack a network and hide your tracks, explained Westin, is use a proxy through China and blame it on them.

Another expert agreed with these two possibilities.

"The only reason I can imagine that someone else would want to embed such an image in their Mac malware is if they wanted to show their support for the hacking group, or simply wanted to throw cybercrime investigators off the scent of the true creators of this malware," wrote security researcher Graham Cluley on his blog.

But Myers, the Intego researcher who studied the malware, reveals to Mashable that further investigation into the virus seemed to point towards Iran.

"There was evidence that the IP address used by the C&C [Command and Control] channel was also used to visit Iranian websites," she wrote in email. "Which means it's possible that the attack came from an Iranian user."

But that doesn't necessarily mean the hackers behind it were Iranian. All in all, Myers notes, there isn't enough evidence to really point the finger in any direction right now.

"I don't feel like there's enough information to come to an educated guess either way," she said. "It could be one of those two possibilities or it could be that an individual within SEA did this on his own, without the blessings of the group."

Myers also noted that the C&C servers used to control the malware now seem to be inactive, which might indicate that the malware isn't a threat anymore. Furthermore, the malware was only effective with older versions of Mac OS and won't work on OS X 10.8. But, as usual, caution is advised.

After all, as Westin said, no security "is going to replace human stupidity."

Image: Syrian Electronic Army website, Sea.sy