Flashback Trojan Resurfaces for Mac Users
The security firm Intego recently issued a report on a new variant of the Flashback Trojan, named Flashback.G. The new variant takes a multi-pronged approach to infecting a system. Its first method relies on vulnerabilities in Java that have already been fixed in current Java releases, so systems running up-to-date Java are not affected by it, but systems with outdated Java can be infected through those holes.
If the Java vulnerabilities are not present because the system is up to date, Flashback.G falls back to social engineering: it presents a self-signed certificate that claims to be from Apple, hoping the user will accept it and allow the Trojan to install. A self-signed certificate proves nothing about who made it; the name it carries is simply whatever the signer typed in, and it is not vouched for by Apple or by any trusted certificate authority. Once installed, the Trojan begins collecting user names and passwords and relaying them to the malware's authors.
The malware patches web browsers and other network applications so that it can capture user names and passwords as the infected user enters them. It watches for traffic to a number of domains, including Google, Yahoo!, CNN, PayPal and various bank websites. Intego also reported that the Trojan aborts its own installation if it detects an antivirus product on the system, a way of staying under the radar and concentrating on unprotected machines. The security firm recommends that users on Mac OS X Snow Leopard make sure Java is fully up to date by running a check through Software Update (Lion does not ship with Java installed by default), and that all users be aware of the social engineering trick the Trojan uses to gain permission to install. The firm also recommends that users install antivirus software.
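The certificate trick works because an install prompt shows the certificate's subject, which is just text the signer chose; only the signature chain says anything about who really made it. The following stdlib-only Python script is an added example written for this article (it is not Intego's, Apple's or the malware's code): it builds three constructed certificates, including a Flashback.G-style self-signed one carrying Apple's name, parses the issuer and subject out of the DER, and shows that the impostor is untrusted despite its name because its fingerprint is not a pinned trust anchor. The DER encoder, the key bytes, the serial numbers and the trust store are all constructed for the demo, and the script reads names only; a real verifier such as the macOS Keychain also checks the signatures up the chain.

```python
"""Inspect a DER-encoded X.509 certificate: what it claims, who issued it, and
whether it is self-signed.  Added example for this article; it is not Intego's,
Apple's or the malware's code, and every certificate, key and trust anchor in it
is constructed for the demo.  Names are parsed; signatures are NOT verified."""
import hashlib

ATTR = {"550403": "CN", "55040a": "O"}      # id-at-commonName, id-at-organizationName
OID_CN, OID_O = bytes.fromhex("550403"), bytes.fromhex("55040a")


def der(tag, body):
    """Encode one DER TLV (short- or long-form length)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def encode_name(attrs):
    """[(oid, text), ...] -> DER Name: SEQUENCE of single-attribute SETs."""
    return der(0x30, b"".join(
        der(0x31, der(0x30, der(0x06, oid) + der(0x0C, text.encode())))
        for oid, text in attrs))


def build_cert(issuer, subject, key):
    """Structurally valid Certificate with placeholder key and signature bytes
    (constructed; only the two Name fields are meaningful here)."""
    sha256_rsa = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))                           # [0] version v3
              + der(0x02, b"\x01")                                     # serialNumber
              + sha256_rsa                                             # signature AlgorithmIdentifier
              + encode_name(issuer)
              + der(0x30, der(0x17, b"120201000000Z") + der(0x17, b"130201000000Z"))  # validity
              + encode_name(subject)
              + der(0x30, der(0x03, b"\x00" + key)))                   # subjectPublicKeyInfo placeholder
    return der(0x30, tbs + sha256_rsa + der(0x03, b"\x00" * 9))        # dummy BIT STRING signature


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def children(body):
    """All (tag, value) TLVs inside a constructed element's body."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out


def decode_name(name_body):
    """DER Name body -> tuple of (oid_hex, text) in wire order."""
    out = []
    for _, rdn in children(name_body):      # each RelativeDistinguishedName (SET)
        for _, atv in children(rdn):        # each AttributeTypeAndValue (SEQUENCE)
            (_, oid), (_, val) = children(atv)
            out.append((oid.hex(), val.decode()))
    return tuple(out)


def names(cert_der):
    """(issuer, subject) of a DER Certificate."""
    _, cert_body, _ = read_tlv(cert_der)
    _, tbs, _ = read_tlv(cert_body)         # tbsCertificate is the first element
    fields = children(tbs)
    if fields[0][0] == 0xA0:                # optional explicit [0] version
        fields = fields[1:]
    # fields: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return decode_name(fields[2][1]), decode_name(fields[4][1])


def pretty(name):
    return ", ".join(f"{ATTR.get(oid, oid)}={text}" for oid, text in name)


def assess(cert_der, trusted_root_fingerprints):
    """Read a certificate the way a user should read an install prompt: the subject
    is only a claim; trust comes from who signed it and whether that signer is an anchor."""
    issuer, subject = names(cert_der)
    fp = hashlib.sha256(cert_der).hexdigest()
    if issuer == subject:
        verdict = "trusted root" if fp in trusted_root_fingerprints else "self-signed, untrusted"
    else:
        verdict = "third-party issuer: verify the signature chain up to a trusted root"
    return {"subject": pretty(subject), "issuer": pretty(issuer), "sha256": fp, "verdict": verdict}


# Constructed sample data: a pretend trusted root, a Flashback.G-style impostor that
# self-signs with Apple's name, and a leaf the root issued.
ROOT_NAME = [(OID_CN, "Apple Root CA"), (OID_O, "Apple Inc.")]
IMPOSTOR_NAME = [(OID_CN, "Apple Inc."), (OID_O, "Apple Inc.")]
ROOT = build_cert(ROOT_NAME, ROOT_NAME, key=b"\x01" * 8)
IMPOSTOR = build_cert(IMPOSTOR_NAME, IMPOSTOR_NAME, key=b"\x02" * 8)
LEAF = build_cert(ROOT_NAME, [(OID_CN, "Developer ID Application: Example Corp")], key=b"\x03" * 8)
TRUST_STORE = {hashlib.sha256(ROOT).hexdigest()}

if __name__ == "__main__":
    for label, cert in (("root", ROOT), ("impostor", IMPOSTOR), ("leaf", LEAF)):
        a = assess(cert, TRUST_STORE)
        print(f"{label:9} subject={a['subject']!r:45} issuer={a['issuer']!r:45} -> {a['verdict']}")
```

The impostor and the pretend root both display "Apple" in their subject, which is all a user sees in the dialog; the only thing separating them is that the root's fingerprint is in the trust store and the impostor's is not. The leaf case shows the other half of the picture: a certificate that names a trusted issuer still has to be checked cryptographically against that issuer's key, which this name-only demo deliberately leaves to a real verifier.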
Although malware has not been a large threat to Mac users so far, its presence is growing, and Apple has stepped up its efforts to combat it by enhancing its File Quarantine system to check for updated malware definitions daily. The upcoming OS X Mountain Lion takes another significant step with the introduction of Gatekeeper, which lets users restrict app installation to trusted sources: the Mac App Store alone, or the App Store plus developers registered with Apple as "identified developers," whose apps are signed with an Apple-issued Developer ID certificate. That is precisely the check a self-signed certificate like the one Flashback.G presents cannot pass.