It's real! Mac Flashback Trojan is back

Written by: Gina on 14 February 2012

A new version of the Mac Flashback Trojan, which was first discovered in September, is using Java flaws to infect Macs with limited user interaction.

Once active, the Trojan disables the Mac's security software and installs a dynamic loader library and auto-launch code, which allow it to inject code into programs the user launches. The injected code sends all information about the infected Mac to a remote server.

This version of the Trojan exploits two Java vulnerabilities that let it enter the system without user intervention. It should be noted that a Java patch for Mac OS X has been issued that fixes these security holes.

Intego commented: "If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue," and added: "Found in the wild, this new variant installs an executable file in the /tmp directory, applies executable permissions with the chmod command, then launches the executable with the nohup command. The Flashback backdoor is then active with no indication to users that anything untoward has happened."
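
The install sequence Intego describes (a file in /tmp, made executable with chmod, then started with nohup) can be searched for in process-execution logs. The sketch below is an added example, not code from Intego or from this article; the log format, file names, PIDs and the 10-minute correlation window are assumptions constructed for illustration.

```python
import re
import shlex
from datetime import datetime

# Constructed process-exec records: "<timestamp> <pid> <command line>" (assumed format).
SAMPLE_EVENTS = """\
2012-02-14T10:00:01 501 /usr/bin/curl -o /tmp/report.pdf http://example.invalid/r.pdf
2012-02-14T10:00:05 502 chmod +x /tmp/sample_payload
2012-02-14T10:00:06 503 nohup /tmp/sample_payload
2012-02-14T10:03:00 610 chmod 644 /tmp/notes.txt
2012-02-14T10:03:02 611 nohup /tmp/notes.txt
2012-02-14T11:00:00 700 chmod 755 /usr/local/bin/tool
2012-02-14T11:00:01 701 nohup /usr/local/bin/tool
2012-02-14T12:00:00 800 /bin/chmod 0755 /private/tmp/helper
2012-02-14T12:00:04 801 /usr/bin/nohup /private/tmp/helper
"""

def grants_exec(mode):
    """True if a chmod mode argument sets any execute bit (octal or symbolic)."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return int(mode, 8) & 0o111 != 0
    return re.search(r"[+=][rwsStTX]*x", mode) is not None

def norm(path):
    """On macOS /tmp is a symlink to /private/tmp; compare both spellings as /tmp."""
    return path[len("/private"):] if path.startswith("/private/tmp/") else path

def find_tmp_drop_and_launch(log_text, window_s=600):
    """Return (path, pid) for nohup launches of /tmp files made executable shortly before."""
    made_exec, hits = {}, []
    for line in log_text.splitlines():
        ts, pid, cmdline = line.split(" ", 2)
        when = datetime.fromisoformat(ts)
        argv = shlex.split(cmdline)
        tool = argv[0].rsplit("/", 1)[-1]
        args = [a for a in argv[1:] if not a.startswith("-")]
        if tool == "chmod" and len(args) >= 2 and grants_exec(args[0]):
            for p in map(norm, args[1:]):
                if p.startswith("/tmp/"):
                    made_exec[p] = when          # remember when it became executable
        elif tool == "nohup" and args:
            p = norm(args[0])
            seen = made_exec.get(p)
            if seen and 0 <= (when - seen).total_seconds() <= window_s:
                hits.append((p, int(pid)))
    return hits

if __name__ == "__main__":
    for path, pid in find_tmp_drop_and_launch(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {path} made executable in /tmp, then started via nohup")
```

The non-executable `chmod 644` file and the binary outside /tmp are deliberately not reported, which keeps the rule tied to the specific chmod-then-nohup pattern in the quote.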
