Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package
Posted 09/27/2011 at 6:00am | by Adrian Hoppel
Intego, a company whose goal is to provide Mac users with full protection from the dangers of the Internet, announced that it has discovered a new Trojan horse, Flashback, which masquerades as a Flash Player installer. This Trojan horse is circulating in the wild and performs some disturbing actions.
If you visit certain malicious websites, you might see a link or an icon to download and install Flash Player. OS X Lion doesn't include Flash Player, so some users might take this for a legitimate installation link. If you click the link, an installation package downloads, and, if you are using Safari with the default settings, the OS X Installer will launch. Since Safari considers installer packages, with .pkg or .mpkg extensions, to be "safe" files, the default settings let Safari launch them immediately after download.
If you proceed with the install, the installer for this Trojan horse will deactivate some network security software and, after installation, will delete the installation package itself. The malware installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches. This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server and sends information about the infected Mac to this server, including the computer's MAC address, a unique identifier. This identifier lets the malware's operators detect whether a given Mac is already infected.
Steps To Protect Your Mac
Do not download a Flash Player installer from any site other than adobe.com. OS X Lion does not include Flash Player, but users who wish to install this software should visit Adobe’s website.
Next, if you use Safari, Intego advises that you uncheck "Open 'safe' files after downloading" in the General preferences. This will prevent installer packages from launching automatically.
Finally, if an installer claiming to be a Flash Player installer appears, you should be very careful to ensure that you did, indeed, download it from Adobe’s web site. If not, you should quit the installer.
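For readers who administer more than one Mac, here is a small triage script that checks for the two things the article names: the ~/Library/Preferences/Preferences.dylib file that Intego says the Trojan installs, and Safari's "Open 'safe' files after downloading" setting from the steps above. This is an added example, not code from MacLife or Intego. It assumes that the Safari checkbox is backed by the `AutoOpenSafeDownloads` key in the `com.apple.Safari` preference domain (read with the standard `defaults` tool), and that a missing key means the default, enabled, state; the check functions take their inputs as arguments so they can also be exercised off a Mac.

```shell
#!/bin/sh
# Added example (not from the MacLife article or Intego): defender-side triage
# for the Flashback indicators the article describes.
# Assumptions: the dylib path below is the one named in the article; Safari's
# "Open 'safe' files after downloading" checkbox is stored under the
# com.apple.Safari AutoOpenSafeDownloads key, and an absent key means enabled.

# Return 0 if the article's dylib indicator exists under the given home directory.
has_flashback_dylib() {
    home_dir="$1"
    [ -e "$home_dir/Library/Preferences/Preferences.dylib" ]
}

# Interpret a raw AutoOpenSafeDownloads value (`defaults read` prints 1 or 0).
# Returns 0 when auto-open is enabled (the risky default), 1 when it is off.
autoopen_enabled() {
    case "$1" in
        1|true|TRUE|yes|YES) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the live Safari setting on macOS. If the key has never been written,
# `defaults read` fails, and we report the default (enabled). Off macOS, the
# `defaults` tool does not exist, so we also report the default.
read_safari_autoopen() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || echo 1
    else
        echo 1
    fi
}

# Run both checks against a home directory and a Safari setting value.
# Prints each finding; the return value is the number of findings (0 = clean).
triage() {
    home_dir="$1"
    autoopen_value="$2"
    findings=0
    if has_flashback_dylib "$home_dir"; then
        echo "FINDING: $home_dir/Library/Preferences/Preferences.dylib is present (Flashback indicator reported by Intego)"
        echo "  Action: isolate the machine and scan it; do not simply delete the file and assume the Mac is clean"
        findings=$((findings + 1))
    fi
    if autoopen_enabled "$autoopen_value"; then
        echo "FINDING: Safari 'Open safe files after downloading' is enabled; downloaded .pkg/.mpkg files will launch the Installer automatically"
        echo "  Fix:    defaults write com.apple.Safari AutoOpenSafeDownloads -bool false  (then quit and reopen Safari)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use on a Mac:  sh flashback_triage.sh --run
if [ "${1:-}" = "--run" ]; then
    triage "$HOME" "$(read_safari_autoopen)"
    echo "findings: $?"
fi
```

The dylib check is a presence test only; a file at that path is the article's indicator, not proof of a clean machine when absent, since the Trojan deletes its own installer and may change in later variants. The Safari fix line is the command-line equivalent of the preference Intego advises unchecking.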
Intego offers several products that can defend and scan against this type of malware; for more information about them, you can visit their website or the Apple Mac App Store.
Adrian covers daily news as well as the weekly Law & Apple column for MacLife.com. You can follow him on Twitter, if you want to.