Printed from http://www.macnn.com

Flashback.G Trojan uses three-pronged attack on Macs

updated 09:45 am EST, Fri February 24, 2012

Dupes users with fake Apple certificate

A new variant of the Flashback Trojan is infecting Macs, says security firm Intego. Dubbed Flashback.G, the malware is reported to use three different methods to try to infect a Mac. The first two involve Java vulnerabilities, which are stopped if a computer's Java installation is up to date. If a system has an outdated version of Java, however, the Trojan may be able to install itself without giving the user a chance to intervene.

If the Java techniques fail, the Trojan then pops up an applet asking users if they want to allow "content signed by 'Apple Inc.'" to have access to their machine. In reality the certificate is self-signed by the Trojan's creators, and clicking "Continue" will install the malware. Intego notes that the Trojan will actually avoid installation if it detects antivirus software, presumably in order to avoid drawing attention to itself.

Once on a Mac, the malware is said to infect web browsers and other network applications, like Skype, monitoring for domains such as Google, Yahoo, PayPal, and bank websites. Intego suggests that the code is built to exploit a person's usernames and passwords wherever possible. Because Flashback.G actually interferes with an app's code, one sign of its presence is that apps will crash.

Intego also comments that most reported cases are linked to Macs running OS X Snow Leopard, as that operating system has Java pre-installed, while Lion doesn't. Simply using Software Update in Snow Leopard should be enough to make sure a computer is protected. The major threat is people being deceived by the fake certificate, although unlike many Mac Trojans, a person doesn't have to intentionally download a file to put their computer at risk. The malware can be manually removed by deleting a Java applet from OS X's ~/Library/Caches directory.




by MacNN Staff


Comments

  1. facebook_Michael

    Via Facebook

    Joined: Feb 2012

    +2

    So

    How does one get this trojan, hmmm?

  1. Mr. Strat

    Joined: Dec 1969

    0

    So...

    Buy our anti-virus software, and you won't have to worry about it.

    s**** ya.

  1. Flying Meat

    Joined: Dec 1969

    +2

    Re: So...

    More appropriately, get an Anti-Virus product.
    You don't actually have to buy an Anti-Virus product as there are free ones available.
    The article indicates that the trojan avoids installation "if it detects anti-virus software". It doesn't specify a specific AV product.

  1. thebroz

    Joined: Dec 1969

    +8

    What java applet?

    The article says "The malware can be manually removed by deleting a Java applet from OS X's ~/Library/Caches directory."
    What is the name of the applet? I suppose deleting everything I find in there with .java on the end is sufficient...

  1. thebroz

    Joined: Dec 1969

    +11

    What java applet?

    The article says "The malware can be manually removed by deleting a Java applet from OS X's ~/Library/Caches directory."
    What is the name of the applet? I suppose deleting everything I find in there with .java on the end is sufficient... Except it isn't. I've got perhaps a hundred .java apps in there installed by IntelliJ. Granted, it's a Caches folder, and thus deleting anything or everything there should not cause too much harm. It would probably cause a lot of inconvenience.
    Why not just name the file in the article?
