Warnings have been made about a new Mac Trojan downloader that appears as an installer for Adobe's Flash Player.
According to Mac security company Intego, ‘OSX/flashback.A' encourages users visiting certain malicious websites to download and install Flash Player.
Intego said that as Mac OS X Lion does not include Flash Player, some users may be fooled to think it is a real installation link; however, upon clicking the link, an installation package downloads and the Mac OS X Installer will launch if Safari is used.
If the user proceeds with the installation procedure, the installer for the Trojan will deactivate some network security software and then delete the installation package itself. The malware installs a dynamic loader library and auto-launch code, allowing it to inject code into applications the user launches.
This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server and sends information about the infected Mac to it, allowing the malware to detect if a Mac is infected.
Intego said this a low-risk threat with only one report of the malware made, although it has been seen in the wild.