Tuesday, September 27, 2011

Mac trojan pretends to be Flash Player Installer to get in the door

from arstechnica.com
It's funny because it's Flash

Hot on the heels of last week's Mac malware posing as a PDF is a new piece of malware posing as something even more insidious: a Flash player installer. Security firm Intego was the first to post about the new malware on its blog, noting that although the company has only received one report so far from a user who downloaded it, the malware does exist in the wild and may trick Mac users who don't yet have Flash installed.


The malware in question is a trojan horse called Flashback (OSX/flashback.A); users may end up acquiring it by clicking a link on a malicious website to download or install Flash player. If those users also have their Safari settings to automatically open safe files (which .pkg and .mkpg files are considered to be), an installer will show up on their desktops as if they are legitimately installing Flash.


Continuing through the installation process will result in the trojan deactivating certain types of security software (Intego specifically noted that the popular Little Snitch would be affected) and installing a dynamic loader library (dyld) with that can auto-launch, "allowing it to inject code into applications the user launched." The trojan then reports back to a remote server about the user's MAC address and allows the server to detect whether the Mac in question has been infected or not.


The threat is currently marked as "low," but Mac users are advised to follow safe security practices—don't open files or attachments that you don't remember downloading, and turn off Safari's setting for opening safe files automatically. It's also worth noting that Apple now updates its malware definition file on a daily basis, and has already updated it to address the PDF trojan discussed last week. If you haven't already scoured the Internet for a malicious version of the Flash installer, then it's likely Apple will have added the new malware to the file by the time you run into it.

7 comments:

  1. This site is a joke. It is obvious that ANY OS is vulnerable to ANY malware that pretends to be what it is not. Only an idiot would install Flash from a site that is not Adobe. In OS X one even has to authenticate to do it.

    Oh, and the password changing bug via dscl is an hoax. It doesn't change the passwords, it just wrongly shows the "new password" prompt.

    Have fun using your malware infested Windows and Android. God protect them! You need it! :p

    ReplyDelete
  2. Actually you are the joke, because I'm laughing at you. Of course any OS is vulnerable, that's the point. Apple users and Apple themselves constantly say that they are more secure when that is the furthest thing from the truth. That's all I'm trying to point out you silly little Mac fan.
    I have never fallen victim to a virus in the last 15 years. I will have fun with ALL of my VIRUS FREE Windows machines and Android devices, thanks.

    ReplyDelete
  3. Yeah, I love it when the Apple lovers come to this site. They have the weakest arguments and they get upset really easily. They're probably so defensive because they know we're right.

    I'm the head admin for a small law firm in Sacramento, CA. We've been on Windows and virus free (except for 1 incident on 1 PC) for about 20 years now. Apple sucks.

    Peace

    ReplyDelete
  4. Yeah you little fvcktard, YOU are the joke. If Apple has a bug or exploit you can't handle it. All you whiny little babies please just go to the nearest Starbucks with your piece of shlt macbooks and play farmville while the rest of the world takes care of the important stuff.

    ReplyDelete
  5. Hi Thanks A lot about Your Articles ... very Nice
    No Pain Today Blog
    French Health Articles

    ReplyDelete
  6. as for me, i'd recommend to use this flash player for mac http://www.macvide.com/Macvide_Flash_Player/, it's easy-to-use and works great!)

    ReplyDelete
  7. See that, a suggestion to a problem rather than pretending the problem doesn't exist.

    Thanks kiki

    ReplyDelete