Intego: new Flashback variant masquerades as Software Update

updated 01:35 am EST, Thu March 8, 2012

Malware may sniff for user names, passwords

A new malware threat dubbed Flashback.N is actually a variant of an older one, claims anti-virus software maker Intego in a new blog post. Users who visit hacked or maliciously-crafted websites may see a delay, followed by a false password-request dialog box claiming to be from "Software Update." If accidentally installed, the malware inserts code into Safari's resources and will attempt to search network traffic for user names and passwords.

The malware seems to be most often found on sites hosting out-of-date WordPress blogs, which allows hackers to install a backdoor on the servers that will try to redirect Mac users to the sites that pop up the false "Software Update" password dialog. The difference between the "fake" Software Update alert and a real one is pictured below.

Intego also says it has found evidence that the authors of the Flashback malware, which has recently been trying to exploit holes in Java to present false certificates, are the same people behind the Mac Defender "fake anti-virus" malware last spring.

The company urges those hosting WordPress sites to make sure their WordPress software is up-to-date and that their administrative passwords are strong. A false plug-in for WordPress called "ToolsPack" is also to be avoided, as it is the software that installs the backdoor on the server.

Mac users should be aware of the difference between a false Software Update dialog box and a real one and avoid supplying their password to a Software Update dialog that pops up while visiting a strange website. Intego users are already protected from the malware, and Apple is likely to update its anti-malware definitions in the near future to prevent the pop-up from succeeding in installing malicious code.

False Software Update dialog

Genuine Software Update dialog

by MacNN Staff



  1. Mr. Strat

    Joined: Dec 1969



    Oh looky - a company that sells anti-virus software warning us about malware which their product protects us from.

  1. testudo

    Joined: Dec 1969



    The mac community ignores yet another malware threat and will, in the future, continue to pretend that there's no viruses or attacks on the mac.

    BTW, at least one of the variants installed itself on the computer without any user interaction or notification at all. But, I know, it's not really that big a deal, since it didn't get root access, and that's all that matters. If they delete all your files, not a problem, as long as they can't access your video driver or something.
