Fake FlashPlayer for Mac OS X leads to site redirection attacks

Researchers at F-Secure have intercepted a new malicious threat for Apple's Mac OS X -- a Trojan that redirects users to fake Google web sites.

The Trojan is currently being delivered via a fake Adobe Flash Player (FlashPlayer.pkg) update, F-Secure said in a blog post.

Once installed, the Trojan adds entries to the hosts file that redirect users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in the Netherlands.

The server at the IP address displays a fake webpage designed to appear similar to the legitimate Google site.

"Even though the [Google] page looks fairly realistic, clicking on any of the links does not take the user to any other sites. Clicking on the links does however open new pop-up pages, which are all pulled from a separate remote server," F-Secure said, noting that this attack may be aimed at serving ads to infected Mac OS X machines.
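The hosts-file change described above is easy to check for on a machine. The following is an added example, not code from F-Secure or the original article: it parses hosts-file text and flags Google hostnames pinned to a routable address. The sample file contents, the `WATCHED` pattern and the function name are assumptions made for illustration; only the IP address comes from the report.

```python
import ipaddress
import re

# Constructed sample modelled on the article's description. The IP is the one
# reported by F-Secure; the exact layout of the entries is an assumption.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
91.224.160.26   google.com.tw www.google.com.tw   # constructed
91.224.160.26   google.com.tl
0.0.0.0         ads.example.net
"""

# Hypothetical watch list: Google names that should never need a static entry.
WATCHED = re.compile(r"(^|\.)google(\.[a-z]{2,3}){1,2}$", re.IGNORECASE)


def suspicious_entries(hosts_text):
    """Return (line_no, ip, hostname) for watched names pinned to a routable IP."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            # Strip an IPv6 zone id such as %lo0 before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # malformed address field, not a usable mapping
        # Loopback and unspecified targets are normal (localhost, ad blocking).
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in fields[1:]:
            if WATCHED.search(name):
                findings.append((line_no, str(ip), name.lower()))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On a live system the same function can be given the contents of `/etc/hosts`; any hit is worth investigating, since a stock hosts file contains no entries for public search domains.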

Apple has struggled recently with scareware attacks on its platform and the latest sighting is further proof that the increase in Mac OS X market share has attracted the attention of malware writers.
