Intego: new Flashback variant masquerades as Software Update

updated 01:35 am EST, Thu March 8, 2012

Malware may sniff for user names, passwords

A new malware threat dubbed Flashback.N is actually a variant of an older one, claims anti-virus software maker Intego in a new blog post. Users who visit hacked or maliciously crafted websites may see a delay, followed by a false password-request dialog box claiming to be from "Software Update." If accidentally installed, the malware inserts code into Safari's resources and will attempt to search network traffic for user names and passwords.

The malware seems to be most often found on sites hosting out-of-date WordPress blogs. The outdated software allows hackers to install a backdoor on the servers that will try to redirect Mac users to the sites that pop up the false "Software Update" password dialog. The difference between the "fake" Software Update alert and a real one is pictured below.

Intego also says it has found evidence that the authors of the Flashback malware, which has recently been trying to exploit holes in Java to present false certificates, are the same people behind the Mac Defender "fake anti-virus" malware last spring.

The company urges those hosting WordPress sites to make sure their WordPress software is up-to-date and that their administrative passwords are strong. A false plug-in for WordPress called "ToolsPack" is also to be avoided, as it is the software that installs the backdoor on the server.

Mac users should be aware of the difference between a false Software Update dialog box and a real one and avoid supplying their password to a Software Update dialog that pops up while visiting a strange website. Intego users are already protected from the malware, and Apple is likely to update its anti-malware definitions in the near future to prevent the pop-up from succeeding in installing malicious code.

False Software Update dialog

Genuine Software Update dialog

by MacNN Staff





  1. Mr. Strat

    Joined: Dec 1969



    Oh looky - a company that sells anti-virus software warning us about malware which their product protects us from.

  1. testudo

    Joined: Dec 1969



    The Mac community ignores yet another malware threat and will, in the future, continue to pretend that there are no viruses or attacks on the Mac.

    BTW, at least one of the variants installed itself on the computer without any user interaction or notification at all. But, I know, it's not really that big a deal, since it didn't get root access, and that's all that matters. If they delete all your files, not a problem, as long as they can't access your video driver or something.
