Mac Trojan Impersonates a Flash Player Installer

Paul Lilly

We've always known that Macs are susceptible to malware, but without a significant portion of market share, why should anyone bother? Now that numbers are up, Mac users are finding out that their platform of choice is also vulnerable, and it's not just Windows users who have to be on the lookout. The latest threat eating away at Apple PCs is a trojan horse that tries to dupe users into thinking it's a harmless Flash Player installer.

It's called Flashback (OSX/flashback.A), and though it's been found in the wild, Mac security software provider Intego considers it a low risk threat. That's mainly because there's only been one report of Flashback fooling anyone. Nevertheless, it "has some disturbing actions."

Certain websites contain a link or an icon to download and install the fake Flash Player, and since Max OS X Lion doesn't include a Flash Player, it's easy to see how something like this could dupe users. Once installed, the Flashback trojan gets to work disabling various network security software, installs a dynamic loader library and auto-launch code, and connects to a remote server where it sends information about the infected machine.

This latest threat to the Mac ecosystem comes right on the heels of another Mac trojan masquerading as a PDF file. Security firm F-Secure says that one is detected as Trojan-Dropper:OSX/Revier.A and "may be attempting to copy the technique implemented by Windows malware, which opens a PDF file containing a '.pdf.exe' extension and an accompanying PDF icon." Once infected, it installs a backdoor in the background.

Now stop laughing at your Mac loving buddy who claims his platform is impervious to malware and go update your own AV software for your Windows machine. Linux users go ahead and stand pat, hardly anyone knows you're there.

Around the web