New OS X malware variant attacks unpatched Macs


Summary: A new malware variant sets out to punish those who haven't been keeping up to date with updates.


Patching OS X is simple, yet some people still put it off. A new malware variant sets out to punish those who haven't been keeping up to date with updates.

The new variant is a Trojan horse called 'Flashback.G', and it makes use of two exploits found in older versions of the Java runtime. Users with Macs running OS X 10.6 'Snow Leopard' are particularly at risk, since this version came with Java preinstalled while 10.7 'Lion' did not.

According to security firm Intego, this malware uses three tricks to try to get itself installed onto a system:

This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.


This Trojan looks for specific websites (such as Google, Yahoo!, CNN, bank websites, PayPal, and so on) and tries to grab the user names and passwords used to log onto the sites.
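The self-signed certificate trick described above works because the name in a certificate is typed in by whoever signs it; only a chain to a trusted anchor says that someone else vouched for that name. The following is an added example, not code from the article or from Intego: it uses the `openssl` command line to tell a self-signed certificate from a CA-issued one. The function names, file names, "Example Vendor Inc." and all certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is generated locally.

# cert_kind FILE -> prints "self-signed", "ca-issued" or "unreadable".
cert_kind() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null) ||
        { echo unreadable; return 0; }
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 2>/dev/null)
    # Self-signed: subject and issuer are the same name, and the signature
    # verifies against the certificate's own public key.
    if [ "${subject#subject=}" = "${issuer#issuer=}" ] &&
       openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo self-signed
    else
        echo ca-issued
    fi
}

# chains_to ANCHOR CERT -> exit 0 only if CERT verifies against ANCHOR.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_certs DIR -> writes self.pem, ca.pem and leaf.pem into DIR.
make_demo_certs() {
    # The signer of a self-signed certificate types in whatever name it wants.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Vendor Inc./CN=Example Vendor Inc." \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
    # A separate constructed CA and a leaf certificate that it signs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Leaf" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for name in self leaf; do
    if chains_to "$demo_dir/ca.pem" "$demo_dir/$name.pem"; then trusted=yes; else trusted=no; fi
    echo "$name.pem: $(cert_kind "$demo_dir/$name.pem"), chains to demo CA: $trusted"
done
rm -rf "$demo_dir"
```

The vendor name in `self.pem` reads as legitimate, yet the certificate verifies only against itself, which is why a dialog showing a self-signed certificate gives no assurance about who published the applet.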

If you are running OS X 10.6 then it is vitally important that you check to see that you have the latest Java update installed by running Software Update from the Apple menu.

DO IT NOW!!!


Talkback

40 comments
  • hmmm

    doesn't seem to "just work" then....
    danjames2012
  • And if it's already infected?

    Will patching the system remove the infection? There appears to be no information on this.
    The most useful link I've found is http://www.powerpage.org/2012/02/23/intego-announces-discovery-of-flashback-g-trojan-variant-advises-caution/
    It gives information on how to check for infection and suggestions on removal.
    keebaud@...
    • And if it's already infected?

      Impossible, remember. All you kool-aid drinkers say this is impossible. Yet here we are, the 2nd one found this week alone. Hey, don't listen to us PC users though, we wear tinfoil hats and have no idea what we are talking about. Keebaud, why are you asking? You didn't get suckered into buying one of those $2,000 impenetrable Macs, did you?
      Nate_K
      • and if it's already infected

        are those hats more comfortable than propeller beanies? 8-)
        ExEC135CrewDog
      • And yet . . . .

        And yet Charlie Miller, who keeps winning prizes for hacking OS X, still uses OS X as his primary OS, without any AV software.

        Equally, the Mac malware epidemic has been predicted for the last 10 years, along with how it will be so bad because Mac owners are ignorant about security . . . yet like the global flu pandemic, and the Rapture, it never actually arrives.
        JulesLt
    • Thanks for this post

      Thanks keebaud for actually posting something helpful on this issue. I use all three OSes, Linux, Mac and Windows and I really don't get all these people playing kindergarten games... my OS is better than your OS, and calling each other fanboys. What a waste of time for people that read a tech blog and have to sift through such childishness when trying find a helpful post. Why don't you try contributing positively to the discussion even if it isn't the OS of your choice?
      BobMcDol
      • About two months ago I was infected with a drive-by

        I wound up going to the Malwarebytes forum and was eventually instructed to use the invasive ComboFix program in order to eradicate it.

        It's a real mess over there with dozens of people going in there every day in the same boat as I was. And I was using Windows 7. Fully patched with the latest plug-ins!

        The chances of this happening on a Mac just don't even compare.
        ScorpioBlack
  • This HAS TO BE false...

    After all I've been told by several people on here AND in Apple retail stores that Mac are immune to any sort of malware attack. That there is NO WAY a Mac can get any sort of malware on it.

    So this article, the article a few days ago, and all of the articles by Ed Bott and others in the tech blogosphere simply must be wrong. It's not like Apple has a malware solution in place for its users...

    /sarcasm

    In all seriousness Mac users - you guys really need to keep your system updated and practice vigilance to ensure you don't get infected. I'm not going to go into the whole Mac vs Windows pissing match but you could learn something from the windows users who had to learn what to look out for.
    athynz
    • And they still say that

      Last time I was in the Apple store to get my wife's iPhone 4 fixed because the home button didn't work right you can hear their sales pitch. They still say as a Mac user you never have to worry about any type of infection or viruses because Apple makes their computers more secure than other brands.

      I just wish they would be honest and make people aware of the threats that people commonly fall for today that really have no bearing on what Operating System you use. I have warned people about threats that circulate through email and Facebook that phish out or steal personal data only to have people comment that they do not need to worry about that because they have a Mac. Ah how naive they are.
      bobiroc
      • I'm surprised to hear that

        Especially after the very public "Mac Guard" and "Mac Defender" outbreaks.


        Oh, wait, Apple denied that even happened.
        The one and only, Cylon Centurion
      • The truth about OS X and viruses...

        No doubt, the years of being able to rightly say that there are no viruses for Macs has built up enough ire among the PC crowd for there to be backlash now that some challenges to OS X security are starting to show. Anybody who is a Mac fan would have to acknowledge that.

        But let's be clear, folks. If the people at the Apple store are telling you, "Apple makes their computers more secure than other brands" they are STILL telling you the truth. Apple's products ARE still more secure. That's not fanboy opinion, it's simply reality.

        As well, it's true that phishing, etc. via email are threats everyone needs to worry about because they've got nothing to do with the operating system you use. They are entirely playing on vulnerabilities that are human-firmware based. (i.e. If you're dumb, they get ya).

        But again, it's not dishonest to say that Apple's are safer. They are. And it's not just because Apple has a smaller share of the market than Windows, either. OS X, in addition to very good security of other kinds, is unix-based. Unix has long been the operating system of mainframes, etc. that are in great need of great security and reliability. Apple was smart enough to reap those advantages, which resulted in one of the most secure and reliable systems out there.

        In 15 years of working daily on a Mac, I have never had any security issues... and where even the most modest threats have appeared in the wild, Apple has always promptly issued trouble-free security patches.
        jackster12
      • Bull to "and they still say that"

        "Last time I was in the Apple store to get my wife's iPhone 4 fixed because the home button didn't work right you can hear their sales pitch."

        They don't need to make a sales pitch. Your wife already owned an iPhone (surprise!) so there was nothing to sell. More phony stories, eh bobiroc?

        Besides, I've never heard a "sales pitch" while I was in an Apple store. The product sells itself. People tend to come into their stores with their minds already made up. There are exceptions to that, of course...

        "They still say as a Mac user you never have to worry about any type of infection or viruses because Apple makes their computers more secure than other brands."

        I don't believe that. Not for a second.
        ScorpioBlack
    • There's a difference between viruses and trojans

      This is a trojan. Trojans exploit naïve users, not OS bugs. The best deadbolt lock in the world won't protect you when you choose to unlock the door and let the bad guy in.

      So far as I'm aware, there still aren't any actual viruses that infect OS X. All the Mac OS X malwares I've heard about have been trojans.

      (There were Mac viruses in the pre-OS X days.)
      stevenjklein
      • RE: There's a difference between viruses and trojans

        @stevenjklein: Yes there is a difference in how the malware gets on the computer, but the end result is the same. It's all a matter of perspective.

        The problem is actually with the Java runtime engine, which one could argue is not part of the OS, BUT... Apple is including a flawed version of Java with the default install of the OS, so who is really to blame here? The social engineering trick is only done after attempts at a direct exploit fail.

        Using your analogy - Apple is including a flawed deadbolt when they build the house. Apple may not make the deadbolt, but by including it in the design of the house they put you at risk. The bad guy can either pick the lock or try to trick you into letting him in - either way it's still a flaw.
        smtp4me@...
      • RE: There's a difference between viruses and trojans

        Welcome to 2012, Steven. In case you have been sleeping for a long time or living under a rock, trojans and other methods of tricking the user into compromising their computer is about the only way computers get infected these days. But you can keep on dwelling on the technicalities of the term "virus" and live in the past when viruses actually mattered.
        bobiroc
      • @stevenjklein EXACTLY

        EXACTLY. But listening to these Redmond fanboys is like listening to Chicken Little: the sky is falling, the sky is falling.

        Macs in this day & age have a lot less to fear than PCs do. Something the Redmond crowd still can't get over from good old XP days. Some of them actually cheer this kind of stuff in spite of their phony, benevolent protestations otherwise.
        ScorpioBlack
  • So the same reasons Windows users get infected then?

    - Unpatched Operating System
    - Unpatched Plugins/3rd Party Software
    - Unsafe Browsing Habits
    - Social Engineering Attacks
    bobiroc
  • Schadenfreude...

    There is no doubt that those who can't afford Macs will gleefully cheer the news of trojans now appearing for Macs. Obviously, nobody with brains has ever said of ANY operating system to be immune, impenetrable or any such thing. However, let us try to put this into perspective. On the Windows platform, there are two dozen new variants of trojans appearing daily. On the Mac we have no more than about 15 different variants TOTAL (in the 11 years of the OS X's existence). A fully-patched Windows XP computer (with no additional software, such as anti-virus) is compromised within minutes of being put on the internet; meanwhile, vast majority of Macs out there do not even run any antivirus, and have been exposed to the internet for years, without compromise. And almost half of all Windows PCs out there still run Windows XP...

    It will be years before that advice (buy Macs, they are much, much more safe) stops being good and sound advice. Until then, whenever a new trojan appears for a Mac (and they appear so rarely, they always make front pages), Windows users will get their chance to rejoice...
    Predrag Vasic
    • Schadenfreude...

      @Predrag Vasic

      "A fully-patched Windows XP computer (with no additional software, such as anti-virus) is compromised within minutes of being put on the internet; meanwhile, vast majority of Macs out there do not even run any antivirus, and have been exposed to the internet for years, without compromise. And almost half of all Windows PCs out there still run Windows XP...

      It will be years before that advice (buy Macs, they are much, much more safe) stops being good and sound advice. Until then, whenever a new trojan appears for a Mac (and they appear so rarely, they always make front pages), "




      That's because nobody writes malware and viruses for Macs because there is not as large of a user base, hence, less chance for large profits for attackers. It is never good advice to buy a Mac because they are more safe and don't need antivirus protection. This is the same reason I run Linux. There is a smaller user base and nobody writes viruses for it. I am not naive enough to say it is safer and I don't need malware/virus protection (even though you can limit sudo, root, groups, etc...)

      BTW, I rejoice every time an Apple user gets infected on their "immune" machine because they took the good advice of an "apple genius" that said, "Macs cannot catch a cold, it is impossible." LMAO
      nogobo
      • Unix, unix, unix...

        No, no, and no... this "smaller base" argument probably has some validity, but it's far from the only or even the main reason that OS X is safer. OS X is safer because it's built on a proprietary version of Unix, which is arguably the safest system software ever written... largely because it's the operating software of mainframes and thus has been tested and fortified countless times over the years, by some people with major bucks to spend (prior to Apple even considering it for OS X). The same is true, too, for Linux.
        jackster12