Intego: Malware masquerades as Flash installer
On Monday, security company Intego warned Mac users of a new Trojan horse that masquerades as a Flash Player installation package for OS X Lion.
Intego reported that the Flashback malware is available on some sites that offer a link or icon to install Flash Player; Lion users may be vulnerable to the scam because the operating system doesn’t automatically include Flash. If users do click on the malicious link in Safari—launching the Mac OS X Installer—the software deactivates some security code, then deletes the original installation package. The malware then sends information about the infected Mac back to a remote server. Intego analysts are still investigating Flashback’s purposes.
Protecting your Mac from this Flashback is relatively easy: Only download Flash from Adobe.com.
Monday’s announcement is the second Trojan horse warning to Mac users in the last week. On Friday, security firm F-Secure warned against Trojan-Dropper:OSX/Revir.A, which appears as a Chinese-language PDF; open it up, and a backdoor connection to a remote server is made.
As Macworld’s Serenity Caldwell noted after Friday’s warning about the PDF malware, one way for Mac users—particularly those who use Safari—to avoid a problem with Trojan horse malware is to uncheck Safari’s Open ‘Safe’ Files After Downloading option (Safari -> Preferences -> General); then, as long as you practice common sense computing, you should be safe from most malicious attacks. You should also be sure to keep your OS X malware definitions up to date.