New Version of Mac Malware In The Wild

A new revision of an existing piece of Mac malware has been spotted in the wild. This version uses multiple attack vectors in an effort to infect a user’s machine. Named Flashback.G, it is the first trojan that doesn’t require user intervention. Flashback.G first tries to take advantage of a pair of exploits in Java, one from 2008 and the other from November of 2011, both of which have been patched by Apple. If it is unsuccessful in exploiting either Java vulnerability, it will attempt to trick the user into running code it pretends is signed by Apple. Since the code is unsigned, a Mac will warn the user; however, many users simply ignore this warning. Once installed on a computer, the malware will install a key logger and look for any username/password combinations that it can upload to a central server.

Our best advice on this is to first make sure any Apple computers on your network are up to date (again, these vulnerabilities are from 2008 and 2011) and also ensure your users are aware of the risks involved with installing unsigned code. The following article provides a great screenshot at the bottom that shows how it attempts to trick users.