The Trojan Horse, discovered by security firm Intego, has been found on malicious web sites that invite users to install the phony Flash Player, telling them it is required to access certain content. Since Mac OS X Lion doesn't come with Flash preinstalled, users must manually install it. Intego categorized the threat from Flashback as "low."
The new malware is said to specifically target Lion, and replicates the look and feel of the real Flash installer. It includes design elements and logos that could convince some users it is the actual official software from Adobe.
Once the Trojan is installed on the system, it will delete the installer package and deactivate some network security software. The code used by Flashback can be injected in certain applications run on the computer and the Trojan can connect to remote servers in order to send specific information about the infected computer — including its MAC address, which is a unique identifier for every machine.
Lion users can protect themselves by downloading the official Flash Player installer from Adobe. Users should also check the origin of any file claiming to be a Flash Player installer.
Users should also uncheck the "Open 'safe' files after downloading" option in Apple's Safari browser under General Preferences. This will help ensure that the Flashback installer is not automatically run if downloaded.
Users can also manually check to see whether they were infected by looking for the file "~/Library/Preferences/Preferences.dylib" on their Mac.
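The manual check described above, extended to every account on a shared Mac. This is an added example, not code from Intego or the original article; the relative path comes from the article, while the function name `scan_homes` and the `/Users` default root are assumptions.

```shell
#!/bin/sh
# Added example: sweep home directories for the Flashback indicator file
# named in the article. Only the relative path below comes from the article;
# scan_homes and the /Users default are assumptions made for this sketch.

IOC_REL="Library/Preferences/Preferences.dylib"

# scan_homes [ROOT]
# Prints "FOUND <path>" for each home directory under ROOT that contains
# the indicator file. Returns 0 when nothing is found, 1 on any hit.
scan_homes() {
    root=${1:-/Users}
    hits=0
    for home in "$root"/*; do
        # Skip plain files and an unmatched glob (empty or missing ROOT).
        [ -d "$home" ] || continue
        candidate="$home/$IOC_REL"
        # -e follows symlinks; -L also reports a dangling link at that path.
        if [ -e "$candidate" ] || [ -L "$candidate" ]; then
            hits=$((hits + 1))
            printf 'FOUND %s\n' "$candidate"
        fi
    done
    [ "$hits" -eq 0 ]
}

# Typical use, run as root so every account's Library is readable:
#   scan_homes /Users || echo "indicator present, investigate those accounts"
```

A clean result only means this one file is absent; it does not show that the machine was never exposed to the installer.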
Apple has already distributed a malware definition update to block another Trojan horse, "Trojan-Dropper:OSX/Revir.A," described late last week as a malicious program posing as a PDF download.
42 Comments
Further research has shown the trojan is actually Adobe Flash itself and the installer actually is the Flash installer.
What? Steals your resources, slows down your computer, crashes your browser?
Run down the list and it fits perfectly.
Further research has shown the trojan is actually Adobe Flash itself and the installer actually is the Flash installer.
Dang you beat me to it! lol
Apple has already distributed a malware definition update to block another Trojan horse, "Trojan-Dropper:OSX/Revir.A," described late last week as a malicious program posing as a PDF download
That's the problem with blacklists as an exclusive method. They need to be updated constantly. Heuristics-based AV has been around for decades.
Disguise? Not. I can tell this is going to be one of those threads