Flashback Trojan in the Wild

Published: 2012-02-24
Last Updated: 2012-02-24 19:06:48 UTC
by Guy Bruneau (Version: 1)
2 comment(s)

A Mac Trojan named Flashback released last year masquerading as a Flash Player installer appears to back under a new variant. A new variant of the Flashback Java Trojan known as Flashback.G is circulating in the wild running on OS X 10.6 (Snow Leopard). According to Intego, if your system has been compromised, Safari and Skype maybe prone to frequent crashes and find a Java applet in ~/Library/Caches.

"It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question."[1]

[1] http://blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/
[2] http://www.macrumors.com/2012/02/24/flashback-trojan-returns-with-a-multi-pronged-infection-strategy/
[3] http://isc.sans.org/diary/Apple+Improving+OS+X+Anti-Malware+Feature/10951

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

2 comment(s)

Comments

This one appears to be the first true virus for MacOS X, it can infect without user interaction if your system's Java isn't patch fully (if it is then it tries the old trojan social engineering path). Is anyone aware of a previous piece of malware that could infect MacOS X without requiring social engineering?
Looks like an sales attemp of VirusBarrier to me,

All articles I've found on the web regarding this issues have been copies, or translations of the source article written by Intego.

The other source I found Was on the forum of Sophos,
http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/Flashback-G/m-p/5369#M2618
Please note the link in the article to the website of Intego....... Note the screendump, note the age of the poster ... 1 day after the original report.

If after 3 days none of the other av-companies have reported such a trojan/virus how serious would this threat be?

Best Regards

Diary Archives