Mac Users, Beware: New Flashback Trojan Variant is Stealthier and Deadlier

Gone are the days when the Mac was a virtually virus-proof machine. This fact was cemented with the Flashback trojan outbreak that infected over 600,000 machines at its peak. Apple and anti-virus firms have since released patches and trojan removal tools to helps users get rid of the virus.

But the attacks are far from over. Security firm Intego recently discovered a new variant of Flashback, which it has dubbed as Flashback.S. Intego explains that it’s a more dangerous strain because it’s stealthier and installs automatically without prompting the user for a password.

This is unlike the previous variant of Flashback that was discovered two months ago, which requested users to enter a password so that it could have administrative privileges. It didn’t need this level of access to wreak havoc on your system, although ignoring its request for permissions made detecting the presence of the trojan much easier.

No password is required for this variant to install, and it places its files in the user’s home folder, at the following locations:

  • ~/Library/LaunchAgents/com.java.update.plist
  • ~/.jupdate

It then deletes all files and folders in ~/Library/Caches/Java/cache in order to delete the applet from the infected Mac, and avoid detection or sample recovery.

– Intego

Flashback.S continues to exploit the same Java vulnerability in Macs but in a sneakier manner. This strain no longer requires any action on the part of the user. Macs with Java versions that haven’t been patched or updated are at risk of infection, since the malware will automatically be downloaded and installed on the system without user action or intervention.

If you’re a Mac user, then here’s what you have to do: download the latest security updates from Apple, disable Java if you aren’t using it, or download patches to address the vulnerabilities in Java if you are.

Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices

Comments