Flashback Trojan Returns With a Multi-Pronged Infection Strategy

Last year, we profiled a Mac trojan horse known as "Flashback" that was masquerading as a Flash Player installer. While Apple has taken steps to protect users from the threat using its File Quarantine system under which users' computers initiate daily checks for updated malware definitions, the malware's authors have continued to tweak the trojan to improve its ability to both infect systems and evade detection.

Security firm Intego has issued a report on a new variant of the trojan, known as Flashback.G, which adopts a multi-pronged strategy in attacking users' systems. The first two methods rely on vulnerabilities in Java, and while the vulnerabilities are patched in systems running up-to-date versions of Java, outdated systems can be silently infected through these security holes.

flashback g certificate
Flashback.G's self-signed certificate seeking to trick users into allowing installation

On up-to-date systems lacking the Java vulnerabilities, Flashback.G presents a self-signed certificate claiming to be from Apple in an attempt to fool users into allowing the trojan to be installed on their systems. Once installed, the trojan begins searching for user names and passwords it can relay to the malware's authors.

This malware patches web browsers and network applications essentially to search for user names and passwords. It looks for a number of domains – websites such as Google, Yahoo!, CNN; bank websites; PayPal; and many others. Presumably, the people behind this malware are looking for both user names and passwords that they can immediately exploit – such as for a bank website – as well as others that may be reused on different sites.

Notably, Intego reports that the trojan aborts its own installation if it detects the presence of any of several antivirus applications on a user's Mac, presumably seeking to remain below the radar while focusing on vulnerable systems.

Intego recommends that users on Mac OS X Snow Leopard make sure that Java is fully up-to-date by running a check through Software Update, and for all users to be aware of the social engineering trick the trojan uses in attempting to gain permission for installation. The company of course also recommends that users equip their systems with antivirus software.

While malware has not been a tremendous threat to Mac users so far, its presence has been growing. Apple has stepped up its efforts to combat malware by enhancing its File Quarantine system to provide for the daily definition checks. OS X Mountain Lion will see another significant step with the introduction of Gatekeeper, a system by which users can limit installation of apps to sources such as the Mac App Store and developers who have registered with Apple as "identified developers".

Apple's Developer-ID program will utilize digital signatures on applications to link applications with a specific developer. If the developer is later discovered to be distributing malware or otherwise behaving improperly, installations of its existing apps can be deactivated by Gatekeeper. Gatekeeper does have its limitations, however, as it only scans applications downloaded through a handful of mechanisms such as browsers and can not detect applications that are modified by malware after their initial launch.

Top Rated Comments

androiphone Avatar
135 months ago
and this is why the 2 most important parts of computing are:

1. keep your computer up-to-date

and

2. use a little common sense when something pops up (though I admit that is easier to more knowledgeable people like us than the wider 'mass' consumer)
Score: 32 Votes (Like | Disagree)
grapes911 Avatar
135 months ago
Apple computers do not get a virus. Yeah right. (as the Tui advertisment goes).

Trojan != Virus
Score: 30 Votes (Like | Disagree)
karohan Avatar
135 months ago
Whatever, still malware.

It sounds pedantic, but it is sort of an important distinction to make. Viruses can be spread without any user input, while trojans still require the user to at some point (albeit unknowingly) permit them.
Score: 21 Votes (Like | Disagree)
Small White Car Avatar
135 months ago
Apple computers do not get a virus. Yeah right. (as the Tui advertisment goes).
First off, no one in any position of authority has ever said Macs don't or can't get viruses.

Secondly, this is a trojan, so talking about viruses here is kind of beside the point.


And to think people said that the fact that OS X lacked malware had nothing to do with it's marketshare.
Their computer marketshare is far, far larger than their malware market share.

So yeah, I'm STILL saying that there are other factors at play. If that wasn't true you'd see malware market share matching sales market share. And that hasn't happened.
Score: 18 Votes (Like | Disagree)
grapes911 Avatar
135 months ago
And to think people said that the fact that OS X lacked malware had nothing to do with it's marketshare.
The argument has usually been applied to viruses. Trojans require user input and can effect anything. Yes, security holes are taken advantage of to make this Trojan look legit, but there is no defense for the most basic Trojan. If I wrote and app that said you'll be granted three wishes after you enter your password, but instead I use your password to delete all files on you computer, that is a Trojan. There is no defense for such things expect common sense.

Whatever, still malware.
It's a huge distinction.

So for those of us who got their parents Macs..

Anyone recommend a good A/V program while we wait for ML to come out?
The best AV program is to not download from or even visit shady sites.
Score: 16 Votes (Like | Disagree)
BigBagaroo Avatar
135 months ago
Why is "Continue" the default choice when the root certificate is not trusted?
Score: 13 Votes (Like | Disagree)

Popular Stories

maxresdefault

M2 13-Inch MacBook Pro With 256GB SSD Appears Slower Than Equivalent M1 in Real-World Speed Tests

Monday June 27, 2022 1:57 pm PDT by
Benchmark testing has indicated that the 256GB variant of the 13-inch MacBook Pro with M2 chip offers slower SSD performance than its M1 equivalent, and now real-world stress testing by YouTuber Max Yuryev of Max Tech suggests that the 256GB SSD in the 13-inch MacBook Pro is also underperforming in day-to day-usage. The M2 MacBook Pro with 256GB SSD and 8GB RAM was slower than the M1 MacBook ...
original iphone 2007

15 Years Ago Today, the iPhone Went On Sale

Wednesday June 29, 2022 4:43 am PDT by
Fifteen years ago to this day, the iPhone, the revolutionary device presented to the world by the late Steve Jobs, officially went on sale. The first iPhone was announced by Steve Jobs on January 9, 2007, and went on sale on June 29, 2007. "An iPod, a phone, an internet mobile communicator... these are not three separate devices," Jobs famously said. "Today, Apple is going to reinvent the...
macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
maxresdefault

Video Comparison: M2 MacBook Pro vs. M1 MacBook Pro

Tuesday June 28, 2022 2:45 pm PDT by
Apple last week launched an updated version of the 13-inch MacBook Pro, and it is the first Mac that is equipped with an updated M2 chip. As it's using a brand new chip, we thought we'd pick up the M2 MacBook Pro and compare it to the prior-generation M1 MacBook Pro to see just what's new. Subscribe to the MacRumors YouTube channel for more videos. For the video comparison, we're using the...
iPhone 11 Pro vs iPhone 14 Pro

iPhone 11 Pro vs. 14 Pro: New Features to Expect if You've Waited to Upgrade

Monday June 27, 2022 11:22 am PDT by
With many customers choosing to upgrade their iPhone every two or three years nowadays, there are lots of iPhone 11 Pro users who might be interested in upgrading to the iPhone 14 Pro later this year. Those people are in for a treat, as three years of iPhone generations equals a long list of new features and changes to look forward to. Below, we've put together a list of new features and...
iPhone vs Galaxy Larger

Apple Executive Says Samsung Copied the iPhone and Simply 'Put a Bigger Screen Around It'

Tuesday June 28, 2022 8:59 am PDT by
The Wall Street Journal's Joanna Stern today shared a new documentary about the evolution of the iPhone ahead of the 15th anniversary of the device launching on June 29, 2007. The documentary includes an interview with Apple's marketing chief Greg Joswiak, iPhone co-creator Tony Fadell, and a family of iPhone users. One segment of the interview reflects on Android smartphones gaining larger...
M2 Pro and Max Feature

Apple's Upcoming M2 Pro Chip for High-End MacBook Pro and Mac Mini Will Reportedly Be 3nm

Monday June 27, 2022 7:31 am PDT by
TSMC will manufacture Apple's upcoming "M2 Pro" and "M3" chips based on its 3nm process, according to Taiwanese industry publication DigiTimes. "Apple reportedly has booked TSMC capacity for its upcoming 3nm M3 and M2 Pro processors," said DigiTimes, in a report focused on competition between chipmakers like TSMC and Samsung to secure 3nm chip orders. As expected, the report said TSMC will...
Apple 5G Modem Feature Triad

Kuo: Apple's Work on 5G Modem Chip 'Failed,' Qualcomm to Remain Supplier for 2023 iPhones

Tuesday June 28, 2022 9:06 am PDT by
For the last several years, Apple has been working to develop its own 5G modem chip so that it won't need to rely on Qualcomm as a supplier, but according to Apple analyst Ming-Chi Kuo, Apple's efforts "may have failed." Kuo says that his "latest survey" suggests that development on the chip has stalled, which means Qualcomm would remain the exclusive supplier for 5G chips for the 2023...