Intego: Malware masquerades as Flash installer

On Monday, security company Intego warned Mac users of a new Trojan horse that masquerades as a Flash Player installation package for OS X Lion.

Intego reported that the Flashback malware is available on some sites that offer a link or icon to install Flash Player; Lion users may be vulnerable to the scam because the operating system doesn't automatically include Flash. If users do click on the malicious link in Safari--launching the Mac OS X Installer--the software deactivates some security code, then deletes the original installation package. The malware then sends information about the infected Mac back to a remote server. Intego analysts are still investigating Flashback's purposes.

Protecting your Mac from Flashback is relatively easy: download Flash only from Adobe.com.

Monday's announcement is the second Trojan horse warning to Mac users in the last week. On Friday, security firm F-Secure warned against Trojan-Dropper:OSX/Revir.A, which appears as a Chinese-language PDF; open it up, and a backdoor connection to a remote server is made. 

As Macworld's Serenity Caldwell noted after Friday's warning about the PDF malware, one way for Mac users--particularly those who use Safari--to avoid a problem with Trojan horse malware is to uncheck Safari's Open 'Safe' Files After Downloading option (Safari -> Preferences -> General); then, as long as you practice common-sense computing, you should be safe from most malicious attacks. You should also be sure to keep your OS X malware definitions up to date.

This story, "Intego: Malware masquerades as Flash installer," was originally published by Macworld.
