Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package
Intego, a company whose goal is to provide Mac users with full protection from all the dangers of the Internet, announced that it has discovered a new Trojan horse, Flashback, which masquerades as a Flash Player installer. This Trojan horse is in the wild, and its behavior is disturbing.
If you visit certain malicious websites, you might see a link or an icon to download and install Flash Player. OS X Lion doesn't include Flash Player, so some might think this is a legit installation link. If you click the link, an installation package downloads, and, if you are using Safari with the default settings, the OS X Installer will launch. Since Safari considers installer packages, with .pkg or .mpkg extensions, to be "safe" files, its default settings allow it to open them immediately after download.
If you proceed with the install, the installer for this Trojan horse will deactivate some network security software, and, after installation, will delete the installation package itself. The malware installs a dyld (dynamic loader) library and auto-launch code, allowing it to inject code into applications the user launches. This code, installed in a file at ~/Library/Preferences/Preferences.dylib, connects to a remote server and sends it information about the infected Mac, including the computer’s MAC address, a unique identifier. This will allow the malware to detect whether a Mac is infected.
Steps To Protect Your Mac
Do not download a Flash Player installer from any site other than adobe.com. OS X Lion does not include Flash Player, but users who wish to install this software should visit Adobe’s website.
Next, if you use Safari, Intego advises that you uncheck Open "safe" files after downloading in the General preferences. This will prevent installer packages from launching automatically.
Finally, if an installer claiming to be a Flash Player installer appears, you should be very careful to ensure that you did, indeed, download it from Adobe’s web site. If not, you should quit the installer.
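A read-only check for the indicators described above, written as an added example (not Intego's tooling and not part of the original article): it looks for the library at the path the article names and reads Safari's AutoOpenSafeDownloads preference. The environment.plist check is an assumption about one dyld auto-launch mechanism, which the article does not specify, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: read-only triage for the artifacts the article describes.
# Each function takes a home directory, so a mounted backup can be checked too.

# The library path is the one given in the article.
check_dylib() {
    f="$1/Library/Preferences/Preferences.dylib"
    [ -e "$f" ] || return 1
    echo "FOUND: $f"
    ls -l "$f"
    # Record a hash for later comparison, if shasum is available.
    if command -v shasum >/dev/null 2>&1; then shasum -a 256 "$f"; fi
    return 0
}

# ASSUMPTION (not from the article): the per-user environment.plist is one
# place where DYLD_INSERT_LIBRARIES can be set so that dyld loads a library
# into every application the user launches. Any such entry deserves review.
check_dyld_env() {
    p="$1/.MacOSX/environment.plist"
    [ -f "$p" ] || return 1
    grep -q 'DYLD_INSERT_LIBRARIES' "$p" || return 1
    echo "FOUND: DYLD_INSERT_LIBRARIES is set in $p"
    return 0
}

# Returns 0 only when Safari's auto-open of "safe" files is explicitly off.
safari_autoopen_off() {
    command -v defaults >/dev/null 2>&1 || return 2
    [ "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" = "0" ]
}

# Returns 0 when no file indicator is present under the given home directory.
triage() {
    hits=0
    check_dylib "$1" && hits=$((hits + 1))
    check_dyld_env "$1" && hits=$((hits + 1))
    echo "indicators found: $hits"
    [ "$hits" -eq 0 ]
}

triage "${1:-${HOME:-.}}" || echo "Review the files listed above."
safari_autoopen_off || echo "Safari: could not confirm that auto-open is off."
```

A result of zero indicators means only that these specific artifacts are absent from the checked home directory.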
Intego offers several products that can defend and scan against this type of malware; for more information about them, you can visit their website or the Apple Mac App Store.
Adrian covers daily news as well as the weekly Law & Apple column for MacLife.com. You can follow him on Twitter, if you want to.
dyusis371
October 03, 2011 at 7:20am
This news was published at mackeeper.zeobit.com/secutityBlog/FlashMalware earlier (15 August)
Youngnoblehome, I recommend installing antivirus and keeping real-time protection ON. It will help, I suppose.
Rumple
September 27, 2011 at 12:02pm
I just had "update" flash recently. So I did, so I may have it. One thing that probably is a good idea too is not to have Adobe inform you of new updates. It can make you more careless about downloading something like this. I hope I don't have it.
bemer2six
September 27, 2011 at 11:43am
How do you ck to see if you have it, and if you do, how do you kill it???
youngnoblehome
September 27, 2011 at 6:34am
So how do you check and see if you have this trojan? And what do you do if you do have it? How do you get rid of it?


















