Skip to main content

Mac trojan pretends to be Flash Player Installer to get in the door

 

Hot on the heels of last week's Mac malware posing as a PDF is a new piece of malware posing as something even more insidious: a Flash player installer. Security firm Intego was the first to post about the new malware on its blog, noting that although the company has only received one report so far from a user who downloaded it, the malware does exist in the wild and may trick Mac users who don't yet have Flash installed.

The malware in question is a trojan horse called Flashback (OSX/flashback.A); users may end up acquiring it by clicking a link on a malicious website to download or install Flash player. If those users also have their Safari settings to automatically open safe files (which .pkg and .mkpg files are considered to be), an installer will show up on their desktops as if they are legitimately installing Flash.

Continuing through the installation process will result in the trojan deactivating certain types of security software (Intego specifically noted that the popular Little Snitch would be affected) and installing a dynamic loader library (dyld) with that can auto-launch, "allowing it to inject code into applications the user launched." The trojan then reports back to a remote server about the user's MAC address and allows the server to detect whether the Mac in question has been infected or not.

The threat is currently marked as "low," but Mac users are advised to follow safe security practices—don't open files or attachments that you don't remember downloading, and turn off Safari's setting for opening safe files automatically. It's also worth noting that Apple now updates its malware definition file on a daily basis, and has already updated it to address the PDF trojan discussed last week. If you haven't already scoured the Internet for a malicious version of the Flash installer, then it's likely Apple will have added the new malware to the file by the time you run into it.

Read the comments on this post

Mac trojan pretends to be Flash Player Installer to get in the door
jacqui@arstechnica.com (Jacqui Cheng)
Mon, 26 Sep 2011 19:47:18 GMT

Comments

Popular posts from this blog

Apple will disconnect ‘obsolete’ first-gen Apple TV from iTunes in May

Apple has announced today it will drop iTunes support for some older devices from May 25. This includes the first generation Apple TV, and also any PC running Windows XP or Vista. The company is introducing new security changes which will prevent those devices from using the latest version of iTunes.
Apple says that the original Apple TV is an "obsolete Apple product" and will not be updated to support security changes. Only those with the second generation of Apple TV or later will be able to access the iTunes store.
Windows XP or Vista users won't be able to use the latest version of iTunes, but older Windows computers can still use previous versions without support from Apple. Those who do so, however, won't be able to make new purchases or re-download previous purchases on that computer. If you're on on XP or Vista, you'll need to upgrade to Windows 7 or later to continue using iTunes normally.
The writing was already on the wall for these devices: Wi…

Microsoft Reportedly Replacing Outlook.com With Office 365

Microsoft might be thinking about replacing the technology and user interface of Outlook.com with Office 365 if a new report is to be believed. Apparently the company will be migrating all Outlook.com users to Office 365 at some point later this year. Office 365 brings other services as well which include Outlook Web Access. The question that surely must be on everyone’s mind is that why is Microsoft doing this? According to The Verge the reason behind this migration is to make sure that Microsoft Outlook, Exchange and Office 365 platforms are perfectly aligned. In favor of keeping things consistent Microsoft is going to go ahead and add the consumer Outlook.com to the mix as well. There has been speculation previously about impending major user interface changes for Outlook.com, Microsoft’s general manager of Office Apps Rob Lefferts suspected that much. It’s worth nothing that Microsoft hasn’t updated its consumer email service for quite a few months and it even showed the door to G…

Windows 10: Microsoft retires HomeGroup

Microsoft plans to remove the HomeGroup functionality from its Windows 10 operating system. The company made the first step towards that goal in the most recent Insider Preview version of Windows 10 as it disabled it in that build.
In "a note about HomeGroup" in the release announcement of the Windows 10 Insider Build, Microsoft confirms that HomeGroup will be retired.
The company introduced HomeGroup in Windows 7 as a new option for home users to access printers, files, and media in home networks. The core idea was to assign all devices to a single HomeGroup to share access to files and printers between all devices.
It is unclear how popular the feature was and is. It is clear however that it was never the only option that Windows users had in this regard, and it was not the best either for certain use cases. You could not add Mac OS X or Linux devices to a HomeGroup for instance.
The end of HomeGroup
Easily connecting to and sharing the important pieces of your digi…