Intego: Malware masquerades as Flash installer

Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

On Monday, security company Intego warned Mac users of a new Trojan horse that masquerades as a Flash Player installation package for OS X Lion.

Intego reported that the Flashback malware is available on some sites that offer a link or icon to install Flash Player; Lion users may be vulnerable to the scam because the operating system doesn’t automatically include Flash. If users do click on the malicious link in Safari—launching the Mac OS X Installer—the software deactivates some security code, then deletes the original installation package. The malware then sends information about the infected Mac back to a remote server. Intego analysts are still investigating Flashback’s purposes.

Protecting your Mac from this Flashback is relatively easy: Only download Flash from Adobe.com.

Monday’s announcement is the second Trojan horse warning to Mac users in the last week. On Friday, security firm F-Secure warned against Trojan-Dropper:OSX/Revir.A, which appears as a Chinese-language PDF; open it up, and a backdoor connection to a remote server is made. 

As Macworld’s Serenity Caldwell noted after Friday’s warning about the PDF malware, one way for Mac users—particularly those who use Safari—to avoid a problem with Trojan horse malware is to uncheck Safari’s Open ‘Safe’ Files After Downloading option (Safari -> Preferences -> General); then, as long as you practice common sense computing, you should be safe from most malicious attacks. You should also be sure to keep your OS X malware definitions up to date.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
At a Glance
  • Pros

    • New Profile Manager
    • Massive price drop from earlier versions
    • Full 64-bit support
    • Improvements to push services, Web Mail service
    • Support for iOS device management

    Cons

    • Documentation is woefully skimpy
    • New tech may be problematic with legacy features
    • Inconsistent implementation of admin tools
    • Many bugs, some with major security implications
  
Shop Tech Products at Amazon