Intego: new Flashback variant masquerades as Software Update

updated 01:35 am EST, Thu March 8, 2012

Malware may sniff for user names, passwords

A new malware threat dubbed Flashback.N is actually a variant of an older one, claims anti-virus software maker Intego in a new blog post. Users who visit hacked or maliciously crafted websites may see a delay, followed by a false password-request dialog box claiming to be from "Software Update." If accidentally installed, the malware inserts code into Safari's resources and will attempt to search network traffic for user names and passwords.

The malware seems to be most often found on sites hosting out-of-date WordPress blogs. The outdated software allows hackers to install a backdoor on the servers, which will try to redirect Mac users to the sites that pop up the false "Software Update" password dialog. The difference between the "fake" Software Update alert and a real one is pictured below.

Intego also says it has found evidence that the authors of the Flashback malware, which has recently been trying to exploit holes in Java to present false certificates, are the same people behind the Mac Defender "fake anti-virus" malware last spring.

The company urges those hosting WordPress sites to make sure their WordPress software is up to date and that their administrative passwords are strong. A false plug-in for WordPress called "ToolsPack" is also to be avoided, as it is the software that installs the backdoor on the server.

Mac users should be aware of the difference between a false Software Update dialog box and a real one and avoid supplying their password to a Software Update dialog that pops up while visiting a strange website. Intego users are already protected from the malware, and Apple is likely to update its anti-malware definitions in the near future to prevent the pop-up from succeeding in installing malicious code.

False Software Update dialog

Genuine Software Update dialog

by MacNN Staff





  1. Mr. Strat

    Joined: Dec 1969



    Oh looky - a company that sells anti-virus software warning us about malware which their product protects us from.

  1. testudo

    Joined: Dec 1969



    The Mac community ignores yet another malware threat and will, in the future, continue to pretend that there are no viruses or attacks on the Mac.

    BTW, at least one of the variants installed itself on the computer without any user interaction or notification at all. But, I know, it's not really that big a deal, since it didn't get root access, and that's all that matters. If they delete all your files, not a problem, as long as they can't access your video driver or something.
