By Matt Liebowitz, SecurityNewsDaily Staff Writer Oct 20, 2011
A new variant of a nasty Mac Trojan has been found in the wild. Picking up where its predecessor left off, the tweaked Trojan can disable the anti-virus software built into recent versions of Apple’s Mac OS X.
The Trojan, called “Flashback,” now rewrites the code that governs Apple’s XProtect anti-malware program, wiping out certain files and decrypting — and thereby disabling — its automatic updater component, XProtectUpdater, the security firm F-Secure wrote on its blog.
Researchers first spotted Flashback in late September; the Trojan was found hiding inside phony Adobe Flash Player installers and was capable of downloading malicious code to a computer running OS X, harvesting the system’s information and transmitting it to a remote server.
The new Flashback malware still poses as a Flash Player installer, and although some anti-virus products, such as the one offered by the security firm Sophos, detect Flashback as malware, the threat level is still high.
On the Sophos blog, senior technology consultant Graham Cluley wrote that Apple’s XProtect does not yet detect Flashback as malware. To test its potency, Cluley purposely infected a lab Mac that was not equipped with third-party anti-virus software, and “the malware installed without difficulty.”
As always, it’s important to understand that Macs are not immune to malware, and all Apple devices, from iPads to iPhones to iPods and laptops, can be compromised. If your computer presents you with a Flash Player installer update, or any suspicious and unsolicited software update, ignore it.