
Printed from http://www.macnn.com

Flashback.G Trojan uses three-pronged attack on Macs

updated 09:45 am EST, Fri February 24, 2012

Dupes users with fake Apple certificate

A new variant of the Flashback Trojan is infecting Macs, says security firm Intego. Dubbed Flashback.G, the malware is reported to use three different methods to try to infect a Mac. The first two involve Java vulnerabilities, which are stopped if a computer's Java installation is up to date. If a system has an outdated version of Java, however, the Trojan may be able to install itself without the user having a chance to intervene.

If the Java techniques fail, the Trojan then pops up an applet asking users if they want to allow "content signed by 'Apple Inc.'" to have access to their machine. In reality, the certificate is self-signed by the Trojan's creators, and clicking "Continue" will install the malware. Intego notes that the Trojan will actually avoid installation if it detects antivirus software, presumably in order to avoid drawing attention to itself.

Once on a Mac, the malware is said to infect web browsers and other network applications, like Skype, monitoring for domains such as Google, Yahoo, PayPal, and bank websites. Intego suggests that the code is built to exploit a person's usernames and passwords wherever possible. Because Flashback.G actually interferes with an app's code, one sign of its presence is that apps will crash.

Intego also comments that most reported cases are linked to Macs running OS X Snow Leopard, as that operating system has Java pre-installed, while Lion doesn't. Simply using Software Update in Snow Leopard should be enough to make sure a computer is protected. The major threat is people being deceived by the fake certificate, although unlike many Mac Trojans, a person doesn't have to intentionally download a file to put their computer at risk. The malware can be manually removed by deleting a Java applet from OS X's ~/Library/Caches directory.




by MacNN Staff


Comments

  1. facebook_Michael

    Via Facebook

    Joined: Feb 2012

    +2

    So

    How does one get this trojan, hmmm?

  1. Mr. Strat

    Joined: Dec 1969

    0

    So...

    Buy our anti-virus software, and you won't have to worry about it.

    s**** ya.

  1. Flying Meat

    Joined: Dec 1969

    +2

    Re: So...

    More appropriately, get an Anti-Virus product.
    You don't actually have to buy an Anti-Virus product as there are free ones available.
    The article indicates that the trojan avoids installation "if it detects anti-virus software". It doesn't specify a specific AV product.

  1. thebroz

    Joined: Dec 1969

    +8

    What java applet?

    The article says "The malware can be manually removed by deleting a Java applet from OS X 's ~/Library/Caches directory."
    What is the name of the applet? I suppose deleting everything I find in there with .java on the end is sufficient...

  1. thebroz

    Joined: Dec 1969

    +11

    What java applet?

    The article says "The malware can be manually removed by deleting a Java applet from OS X 's ~/Library/Caches directory."
    What is the name of the applet? I suppose deleting everything I find in there with .java on the end is sufficient... Except it isn't. I've got perhaps a hundred .java apps in there installed by IntelliJ. Granted, it's a Caches folder, and thus deleting anything or everything there should not cause too much harm. It would probably cause a lot of inconvenience.
    Why not just name the file in the article?
