New Fake Adobe Flash Malware Disables Apple’s Malware Updates
By Jatin Sapra on October 20th, 2011

According to security researchers at F-Secure, a new variant of an existing Trojan Horse posing as a legitimate Flash Player installer (named Flashback.C by F-Secure) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings.

A Trojan horse works by fooling you into running it; in this case, Flashback disguises itself as an installer package for Flash Player. This Trojan horse is potentially capable of disabling XProtectUpdater, the auto-update component of Apple’s built-in XProtect anti-malware application, by overwriting the system binary that checks for updates.

Screenshot of the Trojan-Downloader:OSX/Flashback.C installer

Once installed, Flashback.C first checks to see if the user is running “Little Snitch,” a firewall program that could alert the user of its actions. If it is found to be installed, the trojan deletes itself. If it doesn’t find Little Snitch, the malware then tries to connect to a remote host in order to obtain other installation files and configurations. F-Secure notes that “the remote host is up but it does not [yet] push anything.” If and when the site becomes active, it could deliver a payload that the trojan could use to disable the system’s auto-updater, using Safari or Firefox to deliver the malicious code via an LSEnvironment variable that loads when the browser restarts. The local system would be unable to obtain the latest anti-malware definitions and could subsequently be infected by other malicious programs the user installs without seeing the warnings that Mac OS X’s XProtect feature is designed to present.
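A defender can check a browser's Info.plist for the LSEnvironment key described above. The following Python check is an added example, not code from F-Secure or the original article; the default bundle paths, the assumption that a stock browser bundle carries no LSEnvironment key, and the higher severity given to DYLD_-prefixed variables are assumptions, and the sample plists are constructed.

```python
import plistlib
from pathlib import Path

# Default install locations of the two browsers the article names (assumption).
BROWSER_PLISTS = [
    Path("/Applications/Safari.app/Contents/Info.plist"),
    Path("/Applications/Firefox.app/Contents/Info.plist"),
]

def audit_info_plist(data: bytes) -> list:
    """Return findings for one Info.plist (XML or binary); an empty list means clean."""
    try:
        info = plistlib.loads(data)
    except Exception as exc:  # a malformed or truncated plist is itself worth a look
        return [f"unparseable plist: {type(exc).__name__}"]
    if not isinstance(info, dict):
        return ["unexpected plist root type"]
    env = info.get("LSEnvironment")
    if env is None:
        return []
    if not isinstance(env, dict):
        return ["LSEnvironment present but not a dictionary"]
    findings = []
    for name, value in sorted(env.items()):
        # Assumption: dynamic-loader variables deserve the highest priority.
        level = "HIGH" if name.startswith("DYLD_") else "review"
        findings.append(f"{level}: LSEnvironment sets {name}={value}")
    return findings or ["review: empty LSEnvironment dictionary"]

def audit_installed(paths=BROWSER_PLISTS) -> dict:
    """Audit every listed bundle that exists on this machine."""
    return {str(p): audit_info_plist(p.read_bytes()) for p in paths if p.is_file()}

# Constructed sample inputs (not taken from a real infection).
CLEAN = plistlib.dumps({"CFBundleIdentifier": "com.apple.Safari"})
TAMPERED = plistlib.dumps({
    "CFBundleIdentifier": "com.apple.Safari",
    "LSEnvironment": {"DYLD_INSERT_LIBRARIES": "/constructed/example/path.dylib"},
})

if __name__ == "__main__":
    for path, findings in audit_installed().items():
        print(path, findings or "no LSEnvironment key")
```
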

If you fear that you might have been infected, you can see removal instructions given by F-Secure here. Also, always download software from original company websites to remain protected from Trojan horses like this. Read our tips to keep your computer Safe and Secure here.

Credits: Apple Insider

Author: Jatin Sapra