Friday, February 24, 2012

Flashback Mac trojan is back with new and improved exploit strategy

from arstechnica.com



The "Flashback" Mac trojan is back, and it's smarter than ever. Mac security company Intego says the latest variant, Flashback.G, uses three new methods in order to make its way onto Macs, though it won't install itself at all if it detects a number of antivirus or anti-malware security programs already installed.
"The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention," Intego wrote on its Mac Security Blog on Thursday. "If these vulnerabilities are not available—if the Macs have Java up to date—then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue."
The Intego team believes the latest Flashback variant won't install when it detects security software in order to avoid detection, instead choosing to move onto the plethora of other Macs that aren't protected. As for what it does, the malware injects code into apps that can access the network and then searches for usernames and passwords to exploit, and can even automatically update itself if its developers decide to push out an update.

8 comments:

  1. Not to start a war here or anything but...

    This will probably affect a lot of Mac users since most of them think they are invulnerable. I own a Mac but I'm smart enough to browse safely and use AV. If only everyone would listen.

    ReplyDelete
  2. Another scare report from a security software company (Gee I wonder what's in it for them?) Let me know when this "affects a lot of Mac users".

    If it's anything like past scares, few will be affected before Apple releases a security update.

    And those that wind up getting infected are likely the same idiots that obtain illegal downloads and open email enclosures from unknown senders. That's one way to learn a lesson about safe computing, I guess.

    Say what you will, but PC users are subject to VASTLY more malware attacks than Mac users. And it will remain so for the foreseeable future.

    ReplyDelete
  3. Well, most PC users are VASTLY more prepared for it, therefore VASTLY less likely to get infected and harder to hack. PWN2OWN

    ReplyDelete
  4. We disagree. I will bet that a much higher percentage of PC users suffer from malware than do Mac users. Many PC users aren't as cautious as you'd like to give them credit for.

    And PWN2OWN is all about proofs of concept and has zero relationship to reality for the average user, But haters like to bandy it about as if it actually proved something.

    Let's wait to see if this latest Mac exploit amounts to anything. If it does, you can say "I told you so", and I'll admit I was wrong. But I think we both know it will go nowhere.

    ReplyDelete
  5. More problems from Flashback, sounds pretty bad.

    http://packetstormsecurity.org/news/view/20654/

    ReplyDelete
  6. Flashback G attempts to sniff out usernames and passwords that you enter into many popular sites, really alarming!

    ReplyDelete
  7. "sounds pretty bad", "really alarming"…

    Everybody, FUD panic! The world is ending. Sell your Apple stock!

    … (It's been 6 days since the original article was published. Still waiting to hear of any real world fallout.)

    ReplyDelete
  8. Half a million isn't enough?
    http://www.bbc.co.uk/news/science-environment-17623422

    ReplyDelete