
Mac Users Warning: The Mac OS X Trojan Variant 'Flashback.C' Disables Built-In Malware Defenses

Apparently, hackers who have set their targets on Mac OS X systems are reloading their armory with new and improved ammunition that essentially disables Mac systems' built-in defenses.

A new variation of a Mac backdoor Trojan, dubbed 'Flashback.C', attempts to disable the built-in Mac OS X anti-malware protection called XProtect (included with Mac OS X 10.6 Snow Leopard and newer versions). The newer variant of the Flashback Trojan masquerades as an Adobe Flash Player update.

We have seen it countless times: hackers create malware that pretends to be an update to Adobe Flash Player, only for it to be part of a scam that spreads a parasite. Not only are PCs susceptible to this common tactic, but malware authors are also taking aim at Mac computers.

This time, the fake Adobe Flash update is essentially malware designed to lower the defenses of an infected Mac OS X system. The first variation of the Flashback Mac Trojan, Flashback.A, was discovered in late September of this year. At that time, Flashback.A was considered to be a low-risk threat that, once installed, connected to a remote server to send back stolen data such as the infected system's MAC address (a unique network identifier).

The Flashback.B variant was a follow-up, or second variant, of the original Flashback.A infection. Flashback.B was designed to install only on Mac systems that are not running the operating system in a virtual environment. The reason for this was to prevent security researchers from analyzing the malware and potentially revealing the malware author's tactics.

Flashback.C, the most recent variant of the Mac Trojan, comes with additional functionality that allows it to prevent the Mac's XProtect anti-malware system from updating itself with the latest security definitions. If you are at all familiar with the way anti-virus and anti-spyware programs work, then you know that not applying the latest set of definitions will basically prevent the anti-malware program from detecting any new threat. In other words, preventing definition updates would essentially leave an infected Mac system vulnerable to an attack.
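Because the effect described above is that definitions silently stop updating, a defender can check for stale definitions and missing updater components. The following is an added example, not code from the article or from Apple: the file paths, the `LastModification` and `Version` key names, and the 14-day threshold are assumptions about Snow Leopard and Lion era systems, and the sample metadata is constructed.

```python
import plistlib
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Assumed locations on Snow Leopard / Lion era systems (not given in the article).
META_PLIST = ("/System/Library/CoreServices/CoreTypes.bundle/"
              "Contents/Resources/XProtect.meta.plist")
UPDATER_FILES = (
    "/usr/libexec/XProtectUpdater",
    "/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist",
)

# Constructed sample metadata, not taken from a real machine.
SAMPLE_META = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>LastModification</key>
  <string>Tue, 18 Oct 2011 20:35:41 GMT</string>
  <key>Version</key>
  <integer>25</integer>
</dict>
</plist>"""


def definitions_age(meta_bytes, now):
    """Return (version, age) of the definitions described by the metadata plist."""
    meta = plistlib.loads(meta_bytes)
    stamp = parsedate_to_datetime(meta["LastModification"])
    if stamp.tzinfo is None:  # treat a zone-less timestamp as UTC
        stamp = stamp.replace(tzinfo=timezone.utc)
    return meta.get("Version"), now - stamp


def audit(meta_bytes, existing_paths, now, max_age=timedelta(days=14)):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    for path in UPDATER_FILES:
        if path not in existing_paths:
            findings.append("missing updater component: " + path)
    try:
        version, age = definitions_age(meta_bytes, now)
    except Exception as exc:  # malformed, emptied or overwritten metadata
        return findings + ["unreadable definition metadata: %s" % type(exc).__name__]
    if age > max_age:
        findings.append("definitions v%s are %d days old" % (version, age.days))
    return findings
```

On a live system, pass the bytes read from `META_PLIST`, the subset of `UPDATER_FILES` that actually exists on disk, and `datetime.now(timezone.utc)`.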

Researchers are not 100% certain of the ultimate goal of Flashback.C, other than that it could lead to a plethora of issues after it disables a Mac's ability to ward off malware. The common evolution of Trojans is something that we have covered in detail in the past, traditionally on PCs running Windows. The recent occurrence and evolution of the Mac Flashback Trojan should be a stern warning to Mac users, supporting the idea that they should be just as cautious as PC users. Even though the amount of malware affecting Windows systems outweighs the number of Macs plagued with malware, we should all take heed before it is too late.

Do you use malware protection on your Mac OS X system? What are your reasons for using or not using anti-malware software?
