Wednesday, September 28, 2011

New OS X Trojan Infecting Macs By Pretending to Be Adobe Flash Update

[Image: Screenshot of Flashback trojan installer. Credit: Intego]

Mac users are having their sense of security shaken up once again with another Trojan targeting OS X caught roaming in the wild.

Discovered by Intego, the Trojan horse OSX/flashback.A is sneaking its way into the Mac system files party by masquerading as an Adobe Flash update.

Once OSX/flashback.A, also simply known as “Flashback”, makes its way onto your computer, it goes straight to work: deleting its installation package, opening up a backdoor, installing a dyld library to inject code into applications that are run & deactivating certain network security software.

During setup, Flashback checks whether a specific program called Little Snitch, which “tells” on programs that attempt to make outgoing internet connections, is installed so that it can deactivate it. This makes sense, considering the Flashback malware will eventually attempt to “phone home” in order to send sensitive data about the infected PC (like the computer’s MAC address) back to its authors.

Mac users can check to see if Flashback has infected their machine by checking for a specific file in their home folder: ~/Library/Preferences/Preferences.dylib
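For a Mac with several user accounts, the same check can be run against every home folder at once. The script below is an added example, not part of the original post or Intego's advisory; the function names and the `/Users` default root are assumptions, and it looks only for the one file named above.

```shell
#!/bin/sh
# Added example: look for the Flashback indicator file named in the post
# in every home directory under a users root (assumed to be /Users on OS X).

# Path from the post, relative to a user's home folder.
FLASHBACK_INDICATOR="Library/Preferences/Preferences.dylib"

# Return 0 if the indicator exists in the given home directory.
flashback_check_home() {
    home=$1
    # -L also catches a dangling symlink left at that path.
    [ -e "$home/$FLASHBACK_INDICATOR" ] || [ -L "$home/$FLASHBACK_INDICATOR" ]
}

# Print one line per home directory that contains the indicator.
# Returns 1 if any were found, 0 if none.
flashback_scan() {
    root=${1:-/Users}
    found=0
    for home in "$root"/*/; do
        [ -d "$home" ] || continue      # unmatched glob or not a directory
        home=${home%/}                  # drop the trailing slash
        if flashback_check_home "$home"; then
            printf 'INDICATOR FOUND: %s/%s\n' "$home" "$FLASHBACK_INDICATOR"
            found=1
        fi
    done
    return "$found"
}

# Usage: sh flashback_check.sh --scan [users_root]
if [ "${1:-}" = "--scan" ]; then
    flashback_scan "${2:-/Users}"
    exit $?
fi
```

Run it with `sudo` if other users' Library folders are not readable from your account; unreadable folders are otherwise reported as clean.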

To avoid becoming a “Flashback” victim, users can take the following precautions:

  • Only download Adobe Flash updates from Adobe.com. Do NOT download Adobe Flash updates from any other site; otherwise you could potentially be putting your Mac’s security at risk.

  • Disable Safari’s auto-open option. Open your Safari browser, go to the General section of the browser preferences & uncheck the option to “Open safe files after downloading.”

  • Always run up-to-date antivirus & anti-malware software. There are plenty of antivirus programs available for your Mac, including software from ESET, Kaspersky, Intego, & others. Be sure to keep your antivirus & anti-malware software definitions current for the best protection possible.

  • Exercise caution when downloading files. Don’t be click-happy and flip through security dialogs without paying them any mind. Always be conscious of what you’re downloading and opening from the internet.


Stay safe, my fellow Mac users!
