Skip to main content

Mac trojan pretends to be Flash Player Installer to get in the door

 

Hot on the heels of last week's Mac malware posing as a PDF is a new piece of malware posing as something even more insidious: a Flash player installer. Security firm Intego was the first to post about the new malware on its blog, noting that although the company has only received one report so far from a user who downloaded it, the malware does exist in the wild and may trick Mac users who don't yet have Flash installed.

The malware in question is a trojan horse called Flashback (OSX/flashback.A); users may end up acquiring it by clicking a link on a malicious website to download or install Flash player. If those users also have their Safari settings to automatically open safe files (which .pkg and .mkpg files are considered to be), an installer will show up on their desktops as if they are legitimately installing Flash.

Continuing through the installation process will result in the trojan deactivating certain types of security software (Intego specifically noted that the popular Little Snitch would be affected) and installing a dynamic loader library (dyld) with that can auto-launch, "allowing it to inject code into applications the user launched." The trojan then reports back to a remote server about the user's MAC address and allows the server to detect whether the Mac in question has been infected or not.

The threat is currently marked as "low," but Mac users are advised to follow safe security practices—don't open files or attachments that you don't remember downloading, and turn off Safari's setting for opening safe files automatically. It's also worth noting that Apple now updates its malware definition file on a daily basis, and has already updated it to address the PDF trojan discussed last week. If you haven't already scoured the Internet for a malicious version of the Flash installer, then it's likely Apple will have added the new malware to the file by the time you run into it.

Read the comments on this post

Mac trojan pretends to be Flash Player Installer to get in the door
jacqui@arstechnica.com (Jacqui Cheng)
Mon, 26 Sep 2011 19:47:18 GMT

Popular posts from this blog

Apple will disconnect ‘obsolete’ first-gen Apple TV from iTunes in May

Apple has announced today it will drop iTunes support for some older devices from May 25. This includes the first generation Apple TV, and also any PC running Windows XP or Vista. The company is introducing new security changes which will prevent those devices from using the latest version of iTunes.
Apple says that the original Apple TV is an "obsolete Apple product" and will not be updated to support security changes. Only those with the second generation of Apple TV or later will be able to access the iTunes store.
Windows XP or Vista users won't be able to use the latest version of iTunes, but older Windows computers can still use previous versions without support from Apple. Those who do so, however, won't be able to make new purchases or re-download previous purchases on that computer. If you're on on XP or Vista, you'll need to upgrade to Windows 7 or later to continue using iTunes normally.
The writing was already on the wall for these devices: Wi…

BBM Desktop is now a thing for Android BBM beta users!

With BlackBerry Blend having met an arguably early demise, folks looking to use BBM on their desktop have been out of luck. That might soon change, though, as the latest BBM beta release for Android has a BBM Desktop mode.

With BlackBerry Blend having met an arguably early demise, folks looking to use BBM on their desktop have been out of luck with no desktop application available. That will soon be changing, though, as the latest BBM beta release for Android has introduced a new way to bring BBM to your desktop.
Read More »

https://crackberry.com/bbm-desktop-now-thing-bbm-beta-users

Windows 10: Microsoft retires HomeGroup

Microsoft plans to remove the HomeGroup functionality from its Windows 10 operating system. The company made the first step towards that goal in the most recent Insider Preview version of Windows 10 as it disabled it in that build.
In "a note about HomeGroup" in the release announcement of the Windows 10 Insider Build, Microsoft confirms that HomeGroup will be retired.
The company introduced HomeGroup in Windows 7 as a new option for home users to access printers, files, and media in home networks. The core idea was to assign all devices to a single HomeGroup to share access to files and printers between all devices.
It is unclear how popular the feature was and is. It is clear however that it was never the only option that Windows users had in this regard, and it was not the best either for certain use cases. You could not add Mac OS X or Linux devices to a HomeGroup for instance.
The end of HomeGroup
Easily connecting to and sharing the important pieces of your digi…