The injected code will then attempt to communicate with remote servers and send personal information to the servers.īeing that the code targets browsers, it may be that the malware's purpose is to grab Web site and log-in information, such as for online banking. The programs are then set to activate the code when launched, and to make this happen the installer will quit and relaunch these browsers if they are running. If the system does not have Little Snitch installed, then the installation will continue and the program will connect to a remote host from which it will download a payload that is installed in either Firefox or Safari.
This might have been done in an attempt to keep the malware from being detected, but regardless it's nice to see that tools like Little Snitch appear to block the only avenues for attack that OS X Trojan developers are taking advantage of, to the point where they've engineered the malware to just give up. If the installer detects the presence of Little Snitch, it will quit and delete itself from the system instead of attempting to continue the installation. Oddly, in addition the installer also appears to check for the presence of the outgoing firewall Little Snitch, which prevents undesired communication by local programs with remote servers. When it is run, the new version of the installer will ask for a password so it will have access to these components of the system, which in fact makes it slightly easier for an alert user to detect. The malware's installer looks legitimate, but this is not what Adobe's official installer looks like.Īdobe's official Flash installer will look like this when run.Īccording to F-Secure, the new Trojan variant (called OSX/Flashback.B) now tries to inject code into areas of the system that require administrative access, such as within Application packages like Safari and Firefox. We have been seeing this for a couple of these packages, and today security companies have found that the latest fake Flash Installer Trojan has undergone another revision. This Trojan, called OSX/flashback.A, is one of a few new malware attempts on the Mac platform that have surfaced in the past few months (others being a PDF-based malware attack and another fake Flash installer).Īs with any malware attempt, we expect there will be future revisions as the criminals developing the software try to refine their code, meaning new variants are likely to crop up. The Trojan attempts a somewhat complex attack that involves disabling security features and inserting into existing applications code that attempts to send personal information to remote servers.
A few weeks ago Intego discovered a new Trojan horse for OS X that poses as an installer for Adobe Flash.
0 kommentar(er)
