Mac OS X Trojan horse disguised as a Flash installer

Yes, Virginia, there are Mac viruses… but you have to be tricked into installing them. This seems to be the strategy behind a new trojan horse on the scene, called “Flashback”, which disguises itself as an Adobe Flash installer in hopes that you’ll double click. The virus targets Lion users specifically, and was discovered by security firm Intego.

Viruses have a really hard time self-executing on the Macintosh (as opposed to Windows which, historically, made things a little easier for viruses by auto-executing stuff fairly regularly), so a malicious app has to lure you into launching it. This is done on some malicious websites which tell you that you need the latest version of Flash to view the content (and, as Macs don’t come with Flash pre-installed, it’s not an unusual thing to see) and then links you to the file disguised as an installer. Once installed, it turns off network security features and starts sending your personal data to remote servers.

It’s easy to circumvent the nefarious plans of Flashback, however:

– If you’re going to install Flash, go to www.adobe.com and get the file from there.

– Uncheck “Open ‘safe’ files after downloading” in your browser preferences.

If you think you might be infected, you can check for this file: “~/Library/Preferences/Preferences.dylib” …and, if it exists, then yes you are.

Source: AppleInsider

Corey has been been a tech journalist with a focus on Apple since 1998 and has written for The Loop, MacHome magazine, and as games contributor for The Mac Bible, and co-hosts the iGame Radio Podcast. He works as a corporate consultant and professional musician in Ottawa, Ontario.