F-Secure identifies new Mac trojan masquerading as Flash Player update

Posted by:
Date: Thursday, October 20th, 2011, 02:28
Category: News, security, Software

Sometimes you get the feeling that that the security war never really ends.

Per Macworld, F-Secure has reported on a new, scarier-than-usual Mac Trojan horse masquerading as a Flash installer. The downside is that if you do fall victim to the Trojan, it disables your Mac’s automatic malware definition updates.

F-Secure, which has a report on the issue, has dubbed the new pest Trojan-Downloader:OSX/Flashback.C; Macworld reported on a previous version of the malware back in September. A Trojan horse works by fooling you into running it; in this case, Flashback disguises itself as an installer package for Flash Player.

The earlier incarnation of the Flashback Trojan horse sent information about your Mac back to a remote server, which was bad enough, but this new version disables the security definition updating mechanism Apple first introduced in Snow Leopard back in May; the same malware protection is included in Lion, too. If you install the rogue software, it prompts you for your administrator password. Enter that, and Flashback.C wipes out files necessary for the malware definition updating process to run properly.

By disabling the malware definitions update, Flashback.C attempts to ensure that your Mac won’t know about any update Apple releases to remove the malicious software. Notably, the Trojan horse bails and deletes itself if you have the Little Snitch app installed.

F-Secure offers removal instructions if you fear you’ve been infected; the fix involves deleting entries from your browsers’ .plist files. Check out F-Secure’s page if you’re concerned, but you only need to worry if you recently installed Flash Player from a download that you didn’t get from Adobe’s website.

If you’ve seen this trojan on your end or have any feedback on it, please let us know in the comments section.

Recent Posts