Tweaked Trojan Disables Automatic Updating of OS X Anti-Malware Tools

by

Last month, we noted as part of a report on an update to the anti-malware tools in OS X that a new trojan horse threat known as Flashback.A had surfaced, with the malware masquerading as a Flash Player installer. While Apple has continued to update its XProtect.plist to detect Flashback.A, security firm F-Secure now reports (via ZDNet) that a revised version of the trojan which disables the auto-updating feature of Apple's anti-malware tools has appeared.

There's something new brewing in Mac malware development (again).

Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application.

The report walks through how the modified trojan overwrites XProtectUpdater files, preventing infected systems from performing their daily check for updated malware definitions and thus keeping the door open for future attacks.

flashback c installer
Flashback.C installer

The Flashback.C trojan is capable of connecting to a remote host in order to download and execute further code, but it is unclear what the exploit is being used for at this time. Users are of course advised to download Flash Player and other software from trusted sources so as to avoid infecting their systems with trojans such as Flashback.C.

Update: MacRumors has heard and Sophos has confirmed that Apple had already updated its XProtect.plist entries to detect Flashback.C by the time news of it broke to the public. Consequently, users encountering the malware on Mac OS X Snow Leopard or OS X Lion should be automatically warned of the threat prior to mounting the package.

Top Rated Comments

RoboCop001 Avatar
RoboCop001
156 months ago
I don't understand why these fools waste everyone's time by writing viruses, and I mean for any platform. Can't they put that energy and effort into something positive? :mad:
Score: 31 Votes (Like | Disagree)
Aduntu Avatar
Aduntu
156 months ago
They don't, this is a Trojan. Big difference :rolleyes:
Your sarcasm meter is obviously broken.
Score: 19 Votes (Like | Disagree)
iStudentUK Avatar
iStudentUK
156 months ago
Quick everyone download MacDefender!


(My team of lawyers require me to note that I'm not actually suggesting anyone download MacDefender.)
Score: 17 Votes (Like | Disagree)
hobo.hopkins Avatar
hobo.hopkins
156 months ago
I foresee this discussion degrading very quickly...

In reality all one needs to do is be cautious of where they are downloading files, and this wouldn't be a problem.
Score: 12 Votes (Like | Disagree)
KnightWRX Avatar
KnightWRX
156 months ago
The irony. Love the self-assured arrogance though, very becoming...:rolleyes:

What Irony ? The guy is basically right, both those posts were grossly misinformed.
Score: 9 Votes (Like | Disagree)
tubular Avatar
tubular
156 months ago
A couple questions

1 - how can we tell if a machine is infected?
2 - how, if infected, can we remove it, short of a clean install?
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 16 Mock Header With Dynamic Island

Skipping the iPhone 15 Pro? Here's What's Rumored for iPhone 16 Pro

Friday September 22, 2023 9:29 am PDT by
Are you skipping the iPhone 15 Pro and waiting another year to upgrade? If so, we already have some iPhone 16 Pro rumors for you. Below, we recap new features rumored for the iPhone 16 Pro models so far:Larger displays: The iPhone 16 Pro and iPhone 16 Pro Max will be equipped with larger 6.3-inch and 6.9-inch displays, respectively, according to Ross Young, CEO of Display Supply Chain...
Read Full Article195 comments
Apple WWDC23 macOS Sonoma hero

macOS Sonoma Launching This Week With These New Features

Sunday September 24, 2023 12:45 pm PDT by
Apple previously announced that macOS Sonoma will be released this Tuesday, September 26. The free software update includes many new features and changes for the Mac, including the five that we have highlighted below. In addition to these five features, we have shared the full release notes for macOS Sonoma below for a complete overview of everything new. Desktop Widgets macOS Sonoma...
Read Full Article235 comments
Apple Watch Ultra 2 double tap gesture 230912

watchOS 10.1 to Enable Apple Watch's New 'Double Tap' Gesture

Thursday September 21, 2023 12:52 pm PDT by
The new Double Tap gesture for the Apple Watch Series 9 and the Apple Watch Ultra 2 will be enabled starting with watchOS 10.1, according to Marques Brownlee, host of the popular tech-focused YouTube channel MKBHD. The first beta of watchOS 10.1 will likely be available by next week, and Apple announced that the software update will be released next month. Brownlee shared his impressions...
Read Full Article87 comments