New Mac OS X trojan spotted in the wild

New Mac OS X trojan spotted in the wild

Summary: Security researchers from Intego, have intercepted several new variants of the Flashback Mac OS X trojan.

SHARE:

Security researchers from Intego, have intercepted several new variants of the Flashback Mac OS X trojan.

According to the company, the new variants of the Flashback trojan use three different infection vectors in an attempt to trick end users into installing the malware.

More details on the infection vectors:

This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.

Once the end user gets tricked into installing the malware, the Flashback trojan will patch web browsers and network applications in order to search for user names and passwords. Targeted web sites include, Google, Yahoo! CNN, numerous banking web sites, PayPal and many others. What's particularly interesting about the  Flashback trojan is the fact that it has an auto-update feature periodically phoning back to several web sites in order to check for updates.

Intego is advising users running OS X 10.6, to update Java immediately.

Topics: Apple, Hardware, Malware, Operating Systems, Security, Software

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

53 comments
Log in or register to join the discussion
  • Social Engineering still best bet for infection

    My anti-malware will save me .... CLICK
    BrentRBrian
    • RE: My Antimalware will save me

      The funny thing that is so true. It is this belief that just because a person has Antivirus Software they are safe from clicking on things. What they don't understand is if they ignore the warnings and give malware like this permission to install then they are bypassing their anti-malware software basically saying it is OK.
      bobiroc
      • Too bad

        Cause there's not a damn thing you nor I can do about it; there's always gonna be a pebcak vulnerability where ever there's a computer :(
        MrElectrifyer
      • ...and...

        ...it's non-denominational regarding the operating system, browser, gender, politics, age, race, etc. etc. etc.
        MyopicOne
    • Not only for computer infections....

      With the proper social engineering, you will get you anything including things give you VD.
      phatkat
    • you joke... but in this case that's actually true

      That's the one of the most important pieces of Intego's post that Dancho didn't feel relevant to include:

      [i]It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question. It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren???t protected. [/i]
      UrNotPayingAttention
      • buy out (anti)virus or...

        Nice try to convince people they need this "antivirus" junk.
        danbi
  • Mac Trojans are so rare that when one is actually discovered in the wild

    It makes news! All Social Engineering Trojans are a minor annoyance that an educated computer user learns how to deal with them over time.
    kenosha77a
    • RE: computer user learns how to deal with them over time.

      If only that was true. Unfortunately for many people it is not. The information on how to deal with these tricks and how to protect themselves can be hand fed to many and yet they will still ignore and blindly click.
      bobiroc
      • That sounds like something...

        ...the typical Windows user would do.

        Tell me @bobiroc, do you go to Windows blogs and warn them all about all this? They [b]do[/b] need your simplistic help over there, ya know. ;)
        ScorpioBlack
    • Certificates Don't Work - this is not a user error

      Do you really expect users to NOT trust a certificate that apparently comes from Apple? I bet that this trick will have a success rate higher than 99%.

      And the red text and stuff that is supposed to warn us that the cert is not trusted - any normal user, and even advanced users will assume that that is some sort of annoying system error that we want to just click away.

      This is not a bug with the user - this is a colossal failure of the whole certificate system. Certificates are out of date all the time, and then they're untrusted - users have learned to deal with that.
      orthorim
      • A certificate system...

        ...that was developed for the Windows ecosystem in the first place.

        Trust me, it doesn't work very well over there either. ;)
        ScorpioBlack
    • How do you think they learn over time?

      By getting infected in the first place. People need to learn these things the hard way. I've noticed the same thing with data backups. The only people that do them properly are the people that have lost data in the past.
      kstap
      • Bit harsh?

        Financial devastation, yeah, that'll learn 'em.
        And getting maimed or killed by not looking both ways before crossing a street will also leave a lasting impression. But still... harsh.
        tkeller1
      • RE: Bit Harsh?

        @tkeller

        but he is not wrong. Even with the easy to use and effective built in back up options built into modern OSes like OS X and Windows Vista/7 most people still think it too much of a bother to hook up a USB hard drive and click a few clicks to set up an automatic backup.

        The same goes for Malware and scams. It is too much effort to verify something is legit or true before blindly clicking that link to see a video that leads to malware or get scammed by some offer to get a person something for free. They pass chain letters in email and in facebook status updates and faked pictures to try and justify their religious or political beliefs when all they have to do is spend a few minutes to check the many sites that debunk and expose such scams and myths.
        bobiroc
      • Re: How do you think they learn over time?

        Unfortunately I know several professional Mac users who do not see a need for virus protection or using caution, because the believe a Mac can not be infected. Their solution, if their Mac gives trouble wipe the drive and reinstall. How much time would decent virus protection save them? Some Mac users are so arrogant when it comes to this stuff.
        keane01
    • PWN2OWN and 'security via obscurity'

      not the best way to do things...
      HypnoToad72
    • Yes, but...

      Yes, but Mac users tend to NOT be educated computer users - they picked the Mac to avoid the hassle of thinking about security.

      A sweeping generalisation, I know, but in my experience, very true.
      Imrhien
  • However...

    Old people who bought a Mac exactly to get away from this issue on windows aren't educated and will get trapped. Also it looks for Security leaks in Java first and since old people don't even know what updating software is, you'll bet it's an issue. My grandpa will get robbed.
    Let's take a neutral look at this
    • Right. Because people buying Macs have never used Windows

      before. After all, it only has 90% marketshare.
      baggins_z