Flashback Mac trojan is back with new and improved exploit strategy

[nsane.forums]

The "Flashback" Mac trojan is back, and it's smarter than ever. Mac security company Intego says the latest variant, Flashback.G, uses three new methods in order to make its way onto Macs, though it won't install itself at all if it detects a number of antivirus or anti-malware security programs already installed.

"The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention," Intego wrote on its Mac Security Blog on Thursday. "If these vulnerabilities are not available—if the Macs have Java up to date—then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue."

The Intego team believes the latest Flashback variant won't install when it detects security software in order to avoid detection, instead choosing to move onto the plethora of other Macs that aren't protected. As for what it does, the malware injects code into apps that can access the network and then searches for usernames and passwords to exploit, and can even automatically update itself if its developers decide to push out an update.

Further reading

• Mac trojan pretends to be Flash Player Installer to get in the door (arstechnica.com)
  
• (arstechnica.com)
  
• on Mac trojan disables built-in OS X malware protections ()
  

View: Original Article

[OrbingStorm]

I still come across a lot of ppl that are switching to macs because they believe the mac hype that they dont get malware..I can only see an increase of mac related malware..

[HH5]

So much for the new Mac I was going to get.