X
Business

New Mac OS X trojan spotted in the wild

Security researchers from Intego, have intercepted several new variants of the Flashback Mac OS X trojan.
Written by Dancho Danchev, Contributor

Security researchers from Intego, have intercepted several new variants of the Flashback Mac OS X trojan.

According to the company, the new variants of the Flashback trojan use three different infection vectors in an attempt to trick end users into installing the malware.

More details on the infection vectors:

This new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available – if the Macs have Java up to date – then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.

Once the end user gets tricked into installing the malware, the Flashback trojan will patch web browsers and network applications in order to search for user names and passwords. Targeted web sites include, Google, Yahoo! CNN, numerous banking web sites, PayPal and many others. What's particularly interesting about the  Flashback trojan is the fact that it has an auto-update feature periodically phoning back to several web sites in order to check for updates.

Intego is advising users running OS X 10.6, to update Java immediately.

Editorial standards