Mac OS X Trojan horse disguised as a Flash installer

| Tuesday, September 27th, 2011

Yes, Virginia, there are Mac viruses… but you have to be tricked into installing them. This seems to be the strategy behind a new trojan horse on the scene, called “Flashback”, which disguises itself as an Adobe Flash installer in hopes that you’ll double click. The virus targets Lion users specifically, and was discovered by security firm Intego.

Viruses have a really hard time self-executing on the Macintosh (as opposed to Windows which, historically, made things a little easier for viruses by auto-executing stuff fairly regularly), so a malicious app has to lure you into launching it. This is done on some malicious websites which tell you that you need the latest version of Flash to view the content (and, as Macs don’t come with Flash pre-installed, it’s not an unusual thing to see) and then links you to the file disguised as an installer. Once installed, it turns off network security features and starts sending your personal data to remote servers.

It’s easy to circumvent the nefarious plans of Flashback, however:

– If you’re going to install Flash, go to www.adobe.com and get the file from there.

– Uncheck “Open ‘safe’ files after downloading” in your browser preferences.

If you think you might be infected, you can check for this file: “~/Library/Preferences/Preferences.dylib” …and, if it exists, then yes you are.

Source: AppleInsider

Next Up On Macgasm

View Article