Mac malware disguised as Adobe Flash update

News by SC Staff

Warnings have been made about a Mac Trojan downloader that appears as an installer for Adobe's Flash Player.

Warnings have been made about a new Mac Trojan downloader that appears as an installer for Adobe's Flash Player.

According to Mac security company Intego, ‘OSX/flashback.A' encourages users visiting certain malicious websites to download and install Flash Player.

Intego said that as Mac OS X Lion does not include Flash Player, some users may be fooled to think it is a real installation link; however, upon clicking the link, an installation package downloads and the Mac OS X Installer will launch if Safari is used.

If the user proceeds with the installation procedure, the installer for the Trojan will deactivate some network security software and then delete the installation package itself. The malware installs a dynamic loader library and auto-launch code, allowing it to inject code into applications the user launches.

This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server and sends information about the infected Mac to it, allowing the malware to detect if a Mac is infected.

Intego said this a low-risk threat with only one report of the malware made, although it has been seen in the wild.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop