Fake FlashPlayer for Mac OS X leads to site redirection attacks

Researchers at F-Secure have intercepted a new malicious threat for Apple's Mac OS X -- a Trojan that redirects users to fake Google web sites.

The Trojan is currently being delivered via a fake Adobe Flash Player (FlashPlayer.pkg) update, F-Secure said in a blog post.

Once installed, the Trojan adds entries to the hosts file to redirect users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in the Netherlands.
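
The hosts-file change described above can be checked for directly. The following is an added example, not code from F-Secure or the original article: it parses hosts-file text and reports Google hostnames pinned to any address other than loopback or 0.0.0.0. The sample file is constructed, and the `WATCHED` pattern and function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: a stock macOS hosts file plus entries of the kind the
# article describes (Google country domains pointed at 91.224.160.26).
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
91.224.160.26   google.com.tw www.google.com.tw   # not in a stock file
91.224.160.26   google.com.tl
0.0.0.0         ads.example.test
"""

# Assumption: google.<tld> and google.<co|com>.<cc>, plus any subdomain.
WATCHED = re.compile(r"(^|\.)google\.(com?\.)?[a-z]{2,3}$")


def parse_hosts(text):
    """Yield (line number, address, hostname) for each mapping in the text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip trailing comments
        if len(fields) < 2:
            continue
        try:                                       # drop IPv6 zone id (%lo0)
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                               # not an address: skip line
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")


def find_hijacks(text, watched=WATCHED):
    """Return watched names pinned to anything but loopback or 0.0.0.0."""
    return [(n, str(ip), name) for n, ip, name in parse_hosts(text)
            if watched.search(name)
            and not (ip.is_loopback or ip.is_unspecified)]


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/hosts"
    with open(path) as fh:
        for lineno, ip, name in find_hijacks(fh.read()):
            print(f"{path}:{lineno}: {name} -> {ip}")
```

Run with no arguments it reads `/etc/hosts`; a stock hosts file produces no output.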

The server at the IP address displays a fake webpage designed to appear similar to the legitimate Google site.

"Even though the [Google] page looks fairly realistic, clicking on any of the links does not take the user to any other sites. Clicking on the links does however open new pop-up pages, which are all pulled from a separate remote server," F-Secure said, noting that this attack may be aimed at serving ads to infected Mac OS X machines.

Apple has struggled recently with scareware attacks on its platform and the latest sighting is further proof that the increase in Mac OS X market share has attracted the attention of malware writers.

Talkback

31 comments
  • Honestly, who are these nut jobs?

    I hope they get found and put in jail for a long time.
    Dietrich T. Schmitz, *~* Your Linux Advocate
    • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

      @Dietrich T. Schmitz, *~* Your Linux Advocate

      For the first time I actually agree with you
      Viper589
      • When it comes to safety and security

        @Knix96

        I am on your side. Don't forget that.
        Dietrich T. Schmitz, *~* Your Linux Advocate
      • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

        @Knix96 Me too :-)
        non-biased
    • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

      They are never satisfied making legit software as decoy for some dark intentions of destroying/acquiring important data from unaware users. Unfortunately for them, the availability of security software is rampant nowadays.
      arthur.freed
  • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

    Finally OSX is getting some malware Luv!
    jatbains
    • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

      @jatbains
      Should we love it if your house is broken into? What about wishing malice on others makes you a good person?
      partman1969@...
  • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

    Funny I looked up that IP Address and came up with this:

    Bergdorf Group Ltd.
    org-type: other
    address: 3A Little Denmark Complex, 147 Main Street, PO Box 4473, Road Town, Torola, British Virgin Islands VG1110
    There is a person's name associated with it:
    person: Agnes Jouaneau
    address: A Little Denmark Complex, 147 Main Street, PO Box 4473
    address: Road Town, Torola, VG1110
    address: British Virgin Islands
    Rick_Kl
  • Message has been deleted.

    athynz
    • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

      @athynz I agree the tide is turning! If there is money to be made the crooks will come!
      jatbains
    • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

      @athynz

      Most likely devised by F-Secure, to gain more business. Am I right? ;)
      The one and only, Cylon Centurion
      • Do you mean like Norton did in the 90's?

        @Cylon Centurion Guess whose lab in Spain developed the famous "Michelangelo" virus and ripped millions in scared purchases.
        wackoae
      • Message has been deleted.

        blind obedience
      • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

        "Most likely devised by F-Secure, to gain more business. Am I right?"

        That wouldn't surprise me, either.
        ScorpioBlue
    • Never read that Macs are unable to get inflicted with a trojan; it is ...

      @athynz: ... impossible to avoid since users have to manually install this malicious software (hence the name, 'trojan'; see the history).

      So this 'irony' of yours is uneducated and pointless.
      DDERSSS
    • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

      @athynz Please do not confuse ignoramuses who DO NOT install anti-virus/malware software as a "sign" of a faulty OS.

      Fact is: my mac, with ClamXav installed is STILL more stable and without the need for daily security updates as any one of my PCs. To which, I have three; one operating on XP and the other two on Win7. It is literally an hour a day, daily episode of deciding what "updates" to accept from Microsoft, then praying that said updates do not take down the Win side of my network. Yet I walk up to my Mac, sit down, get to work and make money. No muss, no fuss.

      Feel free to go back and tinker with regedit to get your system "right"
      frizzllefry
      • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

        @frizzllefry, Fact is my Windows 7 laptop and desktop which receive "monthly updates" allow me to just walk up sit down and get right to work making a living. I'm not sure what "daily Microsoft updates" you are speaking of but in my little world updates are released monthly, pretty much the same schedule for MAC updates. If you are spending an hour a day, daily, you are doing something incredibly wrong.

        Can't really remember the last time a Windows update didn't install correctly or caused any grief on my 2 systems. And I will say the same of updates on my MAC mini. Can't actually remember one causing a problem.
        But an hour a day???
        jboettger@...
      • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

        @frizzllefry What a load of crap. 1 hr daily? Come on. Deciding "which updates to accept"? Gimme a break. I spend 2 minutes every 2-3 weeks (at most, I'm not sure) just clicking on "Install important updates". Service packs I usually leave for later, but the small updates take...what...10 minutes to download and install? And that's just because personally I chose to review and accept all updates manually - I'm a control freak. But my dad and mom's computers spend exactly ZERO minutes "accepting" updates. They just get 'em.

        One more thing: If you think that because you're not getting security updates as often as Windows is because Mac OS doesn't need them, well, you're more naive than you think and wish you good luck.
        fer.paredesb@...
      • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

        @frizzllefry
        My friend, the only fact in this thread is that it contains no facts?? Period!!
        eargasm
    • RE: Fake FlashPlayer for Mac OS X leads to site redirection attacks

      @athynz
      So as a MacBook Pro user, I won't install it.
      partman1969@...