Suppose you're surfing and suddenly you see a notification that software on your computer needs to be patched. Sounds urgent, right? You don't want to be wandering the Web with outdated software, and you might be inclined to click through the update process without a second though.
That's exactly what the criminals behind a new malware campaign targeting Mac users are counting on. Researchers found the MacDownloader malware hiding inside a fake Adobe Flash update installer.
Run it, and midway through the bogus installation process you'll be alerted to the discovery of some nasty adware on your Mac. There's no adware, of course. It's just the next step in the scam.
Image: Intego
Click to "remove" the adware, and you'll be prompted to enter your admin password. Once MacDownloader has your password it tries to establish a connection to a remote server so that it can transmit data. What kind of data? The contents of your Keychain: usernames, passwords, PINs, credit card numbers... whatever private information a Mac user has stored in it.
Fortunately, MacDownloader doesn't appear to pose a major risk to Mac users at the moment. The remote server it tries to connect to has been taken offline, so there's nothing controlling its activities at the moment. It's quite likely, however, that its authors will fix the flaws that security researchers discovered in its code (and poorly-written dialogues) and release an updated version.
How To Protect Yourself
Instead of trusting a mysterious pop-up window that appears on your Mac, here's how you should check to see if your Flash player needs an update. Press command and space bar to bring up Spotlight, then type in "Flash Player" and click on the system preference for it. Click on the "Updates" tab, and then click "check now."
I've reached out to both Adobe and Apple for comments on MacDownloader and will update this post with their responses.
