The computer security firm Intego has recently issued a report on a new variant of the Trojan known as Flashback.G. This is a warning as well as bad news for Mac users.
This new Trojan adopts a multi-pronged strategy in attacking users’ systems. The methods this Trojan uses, and their success, depend on how vulnerable the installed Java is.
Systems running up-to-date versions of Java are more likely to be safe. Outdated systems, however, are prone to infection through the security holes.
If a system is up to date and the Java vulnerabilities are not present, Flashback.G presents a self-signed certificate that claims to be from Apple. This is an attempt to fool Mac users into allowing the Trojan to be installed on their systems. Once it is installed, the Trojan begins searching for user names and passwords entered on the Mac and then relays them to the malware’s authors.
The malware patches web browsers and network applications, essentially to search for user names and passwords that the infected user is likely to access. It looks for a number of domains such as CNN, Google, and Yahoo, along with bank websites, PayPal, and more.
Intego also reported that the Trojan can abort its own installation if it detects the presence of any antivirus applications, so that it remains below the radar while focusing on vulnerable systems. It recommended that users on Mac OS X Snow Leopard keep Java fully up to date by running a check through Software Update. Snow Leopard is more prone to the Trojan, or rather, the Trojan is more attracted to Snow Leopard. All users need to be aware of the social engineering trick the Trojan uses in attempting to gain permission for installation. Intego also recommended that Mac users get antivirus software for their systems.
This malware may not have been a large threat to Mac users so far, but it does have a growing presence, and Apple has enhanced its efforts to combat malware. It has enhanced its File Quarantine system to provide for daily definition checks. In the upcoming OS X Mountain Lion, Gatekeeper will be introduced. Gatekeeper is a system by which users can limit installation of apps to sources such as the Mac App Store and developers who are registered with Apple as “identified developers.”