Posted on Wednesday, September 28 2011 @ 12:16 CEST by Thomas De Maesschalck
ARS Technica
warns about a new piece of Mac malware that pretends to be the Flash Player installer:
The malware in question is a trojan horse called Flashback (OSX/flashback.A); users may end up acquiring it by clicking a link on a malicious website to download or install Flash player. If those users also have their Safari settings to automatically open safe files (which .pkg and .mkpg files are considered to be), an installer will show up on their desktops as if they are legitimately installing Flash.
Continuing through the installation process will result in the trojan deactivating certain types of security software (Intego specifically noted that the popular Little Snitch would be affected) and installing a dynamic loader library (dyld) with that can auto-launch, "allowing it to inject code into applications the user launched." The trojan then reports back to a remote server about the user's MAC address and allows the server to detect whether the Mac in question has been infected or not.
